126 Security De-engineering
When I rst came across Nessus, there were approximately about
1200 or so vulnerability “patterns” or tests included in the scanning
engine database. Now there are more than 40,000 to cater for new
product releases, older versions of software, and also since I rst used
Nessus in anger, there have been a number of tests added for operat-
ing system tests under an authenticated login session (there are tests
for Microsoft Windows platforms, and the option is given to provide
secure shell access credentials for testing; mostly these operating sys-
tem plugins test for the existence of security patches, and in the case
of Windows, there are some tests made on user accounts congura-
tions—issues such as empty or uncha ...