oracle VA/PT

• Previous message: random: "FW: isensor"
• Next in thread: Lukasz Szczepanski: "Re: oracle VA/PT"
• Reply: Lukasz Szczepanski: "Re: oracle VA/PT"
• Maybe reply: Josh Perrymon: "RE: oracle VA/PT"
• Maybe reply: Josh Perrymon: "RE: oracle VA/PT"
• Maybe reply: Michael Gargiullo: "RE: oracle VA/PT"
• Reply: jd: "Re: oracle VA/PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 27 Sep 2005 06:06:48 +0200
To: pen-test@securityfocus.com

Hi to all.

Some day ago I was quite surprised to see that on a server that was
scanned with nessus and with emaze scanner that revealed no relevant
security hole, there was oracle installed and active with all the
default oracle user/password activated (i.e. system/manager,
scott/tiger, etc).

What VA tool can find default user on oracle? Is it possible to find
that info with Nessus (perhaps I can't use it at its best)?

Best Regards,
                Massimo
PS
I usually activate all the check on nessus and emaze.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Previous message: random: "FW: isensor"
• Next in thread: Lukasz Szczepanski: "Re: oracle VA/PT"
• Reply: Lukasz Szczepanski: "Re: oracle VA/PT"
• Maybe reply: Josh Perrymon: "RE: oracle VA/PT"
• Maybe reply: Josh Perrymon: "RE: oracle VA/PT"
• Maybe reply: Michael Gargiullo: "RE: oracle VA/PT"
• Reply: jd: "Re: oracle VA/PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: What is being a pen tester really like? ... Nessus is a vulnerability scanner and using it to ... conduct a test is called a vulnerability assessment. ... Security experts recommend that an annual penetration test be ... This is NOT something Nessus does, ... (Pen-Test) RE: oracle VA/PT ... I find it strange that nessus didn't even see an open port on 1421. ... There is a commercial database security scanner out there. ... Up to 75% of cyber attacks are launched on shopping carts, ... (Pen-Test) Re: Security scanning tools ... We also run ISS Internet Scanner, ... > compared the results to the regular nessus scan. ... > it reports no patches to be applied. ... > correctly reports security ... (Security-Basics) Re: Political Challenges Using Nessus ... Subject: Political Challenges Using Nessus ... > processes within your organization is to have a WRITTEN corporate security ... > necessary to ascertain and promote your corporate security requirements. ... I am impatient...I hate politics ..I know I can pull this ... (Security-Basics) Re: Nessus - open or closed source? ... While I cannot state who I work for due to security reasons, ... whether it be nessus or others. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... (Pen-Test)