oracle VA/PT

From: Massimo (massimo.mail_at_quipo.it)
Date: 09/27/05

  • Next message: njfanelli_at_hotmail.com: "DCOM Security." 
    Date: Tue, 27 Sep 2005 06:06:48 +0200
To: pen-test@securityfocus.com

    Hi to all.

    Some day ago I was quite surprised to see that on a server that was
    scanned with nessus and with emaze scanner that revealed no relevant
    security hole, there was oracle installed and active with all the
    default oracle user/password activated (i.e. system/manager,
    scott/tiger, etc).

    What VA tool can find default user on oracle? Is it possible to find
    that info with Nessus (perhaps I can't use it at its best)?

    Best Regards,
                    Massimo
    PS
    I usually activate all the check on nessus and emaze.

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------

  • Next message: njfanelli_at_hotmail.com: "DCOM Security."

    Relevant Pages

    • Re: What is being a pen tester really like?
      ... Nessus is a vulnerability scanner and using it to ... conduct a test is called a vulnerability assessment. ... Security experts recommend that an annual penetration test be ... This is NOT something Nessus does, ...
      (Pen-Test)
    • RE: oracle VA/PT
      ... I find it strange that nessus didn't even see an open port on 1421. ... There is a commercial database security scanner out there. ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: Security scanning tools
      ... We also run ISS Internet Scanner, ... > compared the results to the regular nessus scan. ... > it reports no patches to be applied. ... > correctly reports security ...
      (Security-Basics)
    • Re: Political Challenges Using Nessus
      ... Subject: Political Challenges Using Nessus ... > processes within your organization is to have a WRITTEN corporate security ... > necessary to ascertain and promote your corporate security requirements. ... I am impatient...I hate politics ..I know I can pull this ...
      (Security-Basics)
    • RE: The Ultimate Toolkit...
      ... The Windows port of Nessus is called NEWT and is sold by Tenable ... Security, a company that was at least partially started by the original ... If you are not the intended recipient any ...
      (Pen-Test)