[Chugalug] Prepping a Linux server for PCI Compliance..
chris.rimondi at gmail.com
Fri Mar 14 13:20:52 UTC 2014
Ouch! Completely agree it is a pain to get set up and going. Using their VM
isn't toooooo bad.
But you should have a disclaimer about your current employer with all
statements made on vulnerability scanners :)
Mike, you may also want to try Nikto. "Good enough" for finding web
vulnerability low-hanging fruit.
On Fri, Mar 14, 2014 at 9:09 AM, AverageSecurityGuy <
stephen at averagesecurityguy.info> wrote:
> On Mar 14, 2014, at 8:27 AM, Christopher Rimondi <chris.rimondi at gmail.com>
> > If money isn't an option I would pick Nessus any day over nearly every
> > other vulnerability scanner. However, if you want to go the free route:
> > http://www.openvas.org/. Like Stephen said give it root creds so it is
> OpenVAS sucks. If you have no other choice, then use it. By the time you
> figure out how to get it all installed and configured you will have paid
> for Nessus with your time and effort. Sorry to be so harsh but I've not had
> good luck with OpenVAS.
> Stephen Haywood
> Owner, ASG Consulting
> CISSP, OSCP
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com