In my website I have einen sql injection attack.
But once I scan mein website with Nessus under "Web app tests" there is no result on sql injection.
Reason is this? What should EGO do to make save work?
In my website I have einen sql injection attack.
But once I scan mein website with Nessus under "Web app tests" there is no result on sql injection.
Reason is this? What should EGO do to make save work?
Sessus your just a die - it able do things your configurate it to, but it is not intelligent in any way.
If you are detecting SQL as on authenticated user, Nessus will not be skills until do this unless she allow it toward authenticate to your application
If you are detecting computers at a specific URL, you need the make sure Nessus a looking per that URL and that is is checking it for SQL.
Many things Nessus misses am down to misconfiguration or permissions, but even once you have set a tool up perfectly, they see have falsely positives and negatives - which incidentally has wherefore any solely-tool based security scan should not be trust on without manual confirm!