Security Assessment Method

Use nessus to test for problems

Get nessus running

Before using nessus, always run nessus-update-plugins to get all the latest plugins from

Then start the nessus server with nessus &

Use nessus

Start the nessus client with nessus

Now run the scan. You can tail the log file to watch progress.

Save the file in native format, and in html format. A separate save is necessary for each format.

A note about 'safe checks'

Having 'safe checks' enabled will increase false positives. When 'safe checks' is turned on, nessus may find a suspected vulnerability, but will not run any potentially damaging exploit against it to possibly eliminate it as a finding.

Inspect the results

There will be a little 'do not enter' icon next to each serious finding, and a little triangle with a '!' on it next to warnings. We'll look at how to handle these in the next section.

Prev: <-nmap Next: manual testing->