
Nessus - Advanced Web Application Scanning

In my previous post I described how to create a Nessus policy for basic web application scanning. This time I'll show you how to create an advanced web application scanning policy for Nessus.

General Tab:
This should be the same as the basic web application scanning policy.

Plugins Tab:
  • CGI abuses
  • CGI abuses XSS
  • General
  • Settings
  • Databases
  • Web servers
Add two additional plugins on top of the list above: FTP and Gain a shell remotely.

Preferences Tab:

Global Variable Settings
Tick the following check box:

Web Application Test Settings:
Tick all the check boxes.

Login Configurations:
Fill in the HTTP account and password fields. Just use a common username and password.

HTTP Login Page:

Click submit and you're ready to go.

