I recently tested the SANS Top 20 Scan and correlated the tested vulnerabilities with the CVE at the Sans Top 20 v8.0 website (http://www.sans.org/top20/)
At the Web Browser (C1) the C1.3, CVE for Internet Explorer, the following CVE were *not* tested by Foundstone Scan:,
(I haven't check the other groups yet.)
RDMessage was edited by: epo909 on 11/18/09 9:00 AM
That does seem odd. I'm looking into this and I'll respond back to this thread when I get a status update from my R&D team.
It does look like our San's Top 20 is a bit out of date for a few checks. The FBI hasn't updated that list in over 3 years so it's not something most customer use currently. Thank you for bringing this to our attention.
I wanted to let you know that we have reviewed all of the CVE mappings to the SAN's checks and this will be fixed in next weeks FASL release.