[Chugalug] Prepping a Linux server for PCI Compliance..

Christopher Rimondi chris.rimondi at gmail.com
Fri Mar 14 13:20:52 UTC 2014


Ouch! Completely agree it is a pain to get set up and going. Using their VM
isn't toooooo bad.

But you should have a disclaimer about your current employer with all
statements made on vulnerability scanners :)

Mike, you may also want to try Nikto. "Good enough" for finding web
vulnerability low-hanging fruit.


On Fri, Mar 14, 2014 at 9:09 AM, AverageSecurityGuy <
stephen at averagesecurityguy.info> wrote:

> On Mar 14, 2014, at 8:27 AM, Christopher Rimondi <chris.rimondi at gmail.com>
> wrote:
>
> > If money isn't an option I would pick Nessus any day over nearly every
> > other vulnerability scanner. However, if you want to go the free route:
> > http://www.openvas.org/. Like Stephen said, give it root creds so it is
> > thorough.
> >
>
> OpenVAS sucks. If you have no other choice, then use it. By the time you
> figure out how to get it all installed and configured you will have paid
> for Nessus with your time and effort. Sorry to be so harsh but I've not had
> good luck with OpenVAS.
> --
> Stephen Haywood
> Owner, ASG Consulting
> CISSP, OSCP
> 423.305.3700
> asgconsulting.co
>


-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com