The first edition of Nessus sold just under 10,000 units worldwide.
The Updated Version of the Bestselling Nessus Book.
This is the ONLY Book to Read if You Run Nessus Across the Enterprise
Ever since its beginnings in early 1998, the Nessus Project has attracted
security researchers from all walks of life. It continues this growth today. It
has been adopted as a de facto standard by the security industry, vendor, and
practitioner alike, many of whom rely on Nessus as the foundation to their
security practices. Now, a team of leading developers have created the
definitive book for the Nessus community.
* Perform a Vulnerability Assessment
Use Nessus to find programming errors that allow intruders to gain unauthorized
* Obtain and Install Nessus
Install from source or binary, set up up clients and user accounts, and update
* Modify the Preferences Tab
Specify the options for Nmap and other complex, configurable components of
* Understand Scanner Logic and Determine Actual Risk
Plan your scanning strategy and learn what variables can be changed.
* Prioritize Vulnerabilities
Prioritize and manage critical vulnerabilities, information leaks, and denial of
* Deal with False Positives
Learn the different types of false positives and the differences between
intrusive and nonintrusive tests.
* Get Under the Hood of Nessus
Understand the architecture and design of Nessus and master the Nessus Attack
Scripting Language (NASL).
* Scan the Entire Enterprise Network
Plan for enterprise deployment by gauging network bandwith and topology issues.
* Nessus is the premier Open Source vulnerability assessment tool, and has been
voted the "most popular" Open Source security tool several times.
* The first edition is still the only book available on the product.
* Written by the world''s premier Nessus developers and featuring a forword by
the creator of Nessus, Renaud Deraison.
About the Author
Russ is a co-founder, CEO, CTO and Principal Security Consultant for
Security Horizon, Inc. Russ is a United States Air Force Veteran and has served
in military and contract support for the National Security Agency and the
Defense Information Systems Agency. Russ is also the editor-in-chief of "The
Security Journal." He also serves as the Professor of Network Security at the
University of Advancing Technology (uat.edu) in Tempe, AZ. Russ is the author of
Hacking a Terror Network: The Silent Threat of Covert Channels (Syngress, ISBN
1-928994-98-9). He has contributed to many books including Stealing the Network:
How to Own a Continent (Syngress, ISBN: 1-931836-05-1), Security Assessment:
Case Studies for Implementing the NSA IAM (Syngress, ISBN 1-932266-96-8),
WarDriving, Drive, Detect, Defend: A Guide to Wireless Security (Syngress, ISBN:
1-931836-03-5) and SSCP Study Guide and DVD Training System (Syngress, ISBN:
1-931846-80-9). He is also a co-founder of the Security Tribe information
security research web site
Chapter 1 Vulnerability Assessment 1
Chapter 2 Introducing Nessus 25
Chapter 3 Installing Nessus 39
Chapter 4 Running Your First Scan 79
Chapter 5 Interpreting Results 129
Chapter 6 Vulnerability Types 169
Chapter 7 False Positives 189
Chapter 8 Under the Hood 219
Chapter 9 The Nessus Knowledge Base 247
Chapter 10 Enterprise Scanning 275
Chapter 11 NASL 331
Chapter 12 The Nessus User Community 365
Chapter 13 Compliance Monitoring with Nessus 3 391