I've been trying to determine Nessus' coverage of the SANS Top 20 and
later other standard security benchmarks and I've started putting a
table together.
It needs to be updated with any rule changes that have happened within
the last few weeks and cleaned up a bit.
Feel free to contribute anything. I'm planning on keeping it up to date.
I know other people are also doing this, it would be great if we could
collaborate.
Right now I'm focusing on Top20 and I'm trying to break each CVE down in
to whether or not it can be remotely detected, any bugtraq id it may
have, the nessus rule id which covers it, or I think covers it and then
the script name just to make it easier to read. Any other criteria you
think I should include?
thanks,
Ian Nelson
Latis Networks
later other standard security benchmarks and I've started putting a
table together.
It needs to be updated with any rule changes that have happened within
the last few weeks and cleaned up a bit.
Feel free to contribute anything. I'm planning on keeping it up to date.
I know other people are also doing this, it would be great if we could
collaborate.
Right now I'm focusing on Top20 and I'm trying to break each CVE down in
to whether or not it can be remotely detected, any bugtraq id it may
have, the nessus rule id which covers it, or I think covers it and then
the script name just to make it easier to read. Any other criteria you
think I should include?
thanks,
Ian Nelson
Latis Networks
Attached Files:
-
SANSTop20.gnumeric (4.55 KB)