Security Vendors

I am often astonished as to just how many vulnerability checks are included with Nessus. There is something to be said for the scope of the nearly 40,000+ plugins (the numbering of the plugins started at 10001). On October 19, 2010, Nessus plugin number 50,000 was published into the feed. Let's go back and take a look at some of the first plugins:

The "official" first numbered Nessus plugin in the feed is ColdFusion Multiple Vulnerabilities (File Upload/Manipulation) - Plugin ID 10001. I fou...

Tenable Network Security was ranked 251st on the Deloitte 2010 Technology Fast 500™ program (15th in Greater Washington DC area). This program ranks the fastest growing companies in technology, media, telecommunications, life sciences and clean technology in North America. Rankings are based on the percentage of fiscal year revenue growth during the past five years. Tenable’s revenue grew 363% during this period.

This is the second year in a row that Tenable Network Security has been nam...

A new video has been uploaded to the Tenable Security YouTube Channel titled, "Integrating Hydra with Nessus":

Please visit the Tenable YouTube Channel, where you can view the above video in High Definition for better picture quality.

When installing Hydra on Ubuntu-based systems, here are a few tips to get all of the modules working properly:

Dependencies

Hydra can test different protocols against user-supplied password databases. To enable Hydra to speak these protocols I found it helpful...

Welcome to the Tenable Network Security Podcast - Episode 54

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements Stories
"The Evil Maid Attack" - Here's the scenario: you've left your laptop in your hotel room while you went out around town, to a conference or out to dinner. Because you know that there are attacks that can use the Firewire bus to steal your hard disk encryption keys, you've powered down your laptop. An evil maid comes in, plugs in a USB...

Does your organization use “secure communication” channels, such as HTTPS? Has your IT staff placed trusted certificates on all of your critical and important web services? What about your SMTP, FTP, IMAP, LDAP, POP3, ACAP, NNTP and XMPP servers? Have any of your certificates expired? Have hackers compromised your servers and replaced them with fake certificates? Secure communications with SSL is a lot more complicated than simply going to sites that have an “https” in front of them....

"One, two, attackers are coming for you…"

In yet another record-setting Patch Tuesday, Microsoft has provided fixes for 81 vulnerabilities covering just about every supported Microsoft product. No matter how you slice or dice it, patches will need to be distributed throughout your environment on a large scale. There are several articles available to help you prioritize the installation of these patches. The matrix of which patches are important and the mitigating factors are simply dizzying...

Welcome to the Tenable Network Security Podcast - Episode 53

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements Stories
  • Netflow Rules - I think the characteristic of NetFlow data I like the best is that it's hard to hide from. Any time you compromise a network you leave a trace inside the NetFlow data. I still think there is interesting research in the area of attacking a network and making your attacks look as much like "normal" traffic as possible....

Tenable has published API reference guides for the Nessus and SecurityCenter 4 XMLRPC interfaces. We've also added a "Products APIs and Data Internals" topic area on the Tenable Discussion Forums. This area allows Tenable product users to ask questions about the APIs and share code.

The Nessus API allows users to interact with the Nessus scanner in an automated fashion. For example, scans can be created and reports can be downloaded. The Nessus App for iPhone as well as the flash inter...

2010 OWASP Top 10 – A5 Cross-Site Request Forgery (CSRF)

This web application weakness leverages image tags, XSS and other techniques to trick authenticated users of a sensitive site into submitting a request that does something potentially damaging with the user's credentials. For example, consider a web application that automatically posts a message to Twitter but requires a user to authenticate to the application. If the URL method for posting the message was known ahead of time, an a...

As the CEO and co-founder of Tenable Network Security, I am very proud to announce our inclusion in the 2010 Inc 5000 list of fastest growing companies in the United States. We placed #1369 out of 5000 ranked companies. Tenable is very unique on this list as being one of the only security companies present that is neither public nor has raised external investment capital. Tenable is approaching our eighth year of business and we have every intention of continuing to grow, continuing to in...
