4 min
Custom Vulnerability Checks using Nexpose's Vulnerability Schemas
Over the years, several documents have been written about how to write custom
vulnerability checks in Nexpose. The most important of these include one about
the various components of a vulnerability check
[https://kb.help.rapid7.com/docs/nexpose-writing-vulnerability-checks], one
that
gives examples of common vulnerability checking techniques
[https://kb.help.rapid7.com/docs/nexpose-common-vulnerability-check-examples],
and another about converting NASL checks to something compatible with Nexpo
1 min
Vulnerability Correlation -- Enabled by Default
Vulnerability correlation is a feature of Nexpose where a vulnerable result from
one vulnerability can be overridden by an invulnerable result from another. As
an example of how this works and why it is a useful option to have enabled, take
CVE-2011-3192 [http://web.nvd.nist.gov/view/vuln/detail?vulnId=cve-2011-3192], a
fun DoS vulnerability that affected Apache HTTPD back in 2011. Nexpose has one
unauthenticated vulnerability check (lets call it V1) that will run against all
discovered Apac