Here is the plugin synopsis/description:

Synopsis

Load estimation for web application tests.

Description

This script computes the maximum number of requests that would be done by the generic web tests, depending on miscellaneous options. It does not perform any test by itself.

The results can be used to estimate the duration of these tests, or the complexity of additional manual tests.Note that the script does not try to compute this duration based on external factors suc...

1. Your Car - Your company may have vehicles, and certainly a good percentage of your employees drive to work every day. The security implications surrounding company vehicles are not something you ne...

1. That New GPS Gizmo - There are long-standing privacy concerns surrounding GPS systems. For example, an attacker may be able to see where you've been by looking at the history stored inside your GPS. I think another concern for the enterprise is when these devices are plugged into USB ports of computers within your organization. What if the device was "Certified Pre-0wned" (e.g. a careless employee accidentally compromises a manufacturing plant’s software repository and ships a Trojan o...

Welcome to the Tenable Network Security Podcast - Episode 43

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

• Several new blog posts have been published this week, including:
  • Tenable Reaches 100th Employee
  • Detecting ALL of Your Websites Passively and Continuously
  • Unlimited Discovery Scanning with SecurityCenter and Nessus
  • Microsoft Patch Tuesday Roundup - July 2010 - "Jedi Mind Trick Edition"
  • Detecting Recurring Vulnerabilities

For the past several months, Tenable Network Security has been creating and filling new positions within the company. As we continue to grow, Tenable has been steadily working to improve Nessus and its line of Enterprise products, and we have recently added our 100th employee to our roster… but we’re not done yet. Tenable currently has nine open positions listed on our Careers page, including career opportunities in Development, Engineering, Training and Sales.

Among the positions lis...

How Does this Work?

The PVS watches all network traffic and recognizes various protocols such as HTTP, SMTP and FTP in a port-independent manner. This means if you have a web server running on port 8000 with traffic to it, the PVS will identify it along with its web server type and vulnerabilities.

By watching and tracking successive web sessions and decoding the HTTP protocol, the PVS can monitor state on all of the web servers on each port and host and produce reports such as the one...

With the recent release of SecurityCenter 4.0.1, Tenable has modified the IP-based licensing to include unlimited discovery scanning. This means organizations that make use of SecurityCenter can perform routine ping sweeps of their backbones and network blocks without it counting against their licensed IPs.

When Microsoft releases their patches each month, I find it interesting to review the criticality of each vulnerability. Microsoft has, in their typical fashion, used some very interesting wording to describe the latest batch of vulnerabilities. When reading each security bulletin, I try to imagine the worst-case scenario and look at the glass as half empty. Microsoft seems to paint a picture and believes the glass to be half full by using phrases s...

Welcome to the Tenable Network Security Podcast - Episode 42

You may even find an answer to the ultimate question of life, the universe and everything in this very episode!

Hosts: Paul Asadoorian, Product Evangelist

• Several new blog posts have been published this week, including:
  • Tenable at Black Hat USA 2010!
  • Research Spotlight: Oracle Patch Auditing
  • Nessus and the Fight against Viruses
• New Nessus training is now being offered at conferences! - The new course ...

July hasn’t been hot enough for me and some of the other Tenable staffers, so we will be heading to the desert of Las Vegas in a few weeks to attend Black Hat USA 2010! Since 1997, the Black Hat conference has provided a neutral ground for security researchers, government agencies and information security professionals to integrate their varied perspectives. This will be my ninth year at Black Hat and I’ve always found it to be an intense couple of days meeting up with almost everyone I ...