Hi Greenbone Community,
I have a couple of questions regarding the “Web Application Abuse” NVT family within the “Full and Fast” scan policy.
1. Is the “Web Application Abuse” family necessary for unauthenticated scans?
I recently ran two unauthenticated scans:
- Scan 1: With the “Web Application Abuse” family enabled.
- Scan 2: Without the “Web Application Abuse” family enabled.
Upon comparing the results, I noticed only a slight difference—just 2-3 additional HTTP NVTs were identified when the family was enabled. However, there was a significant reduction in scan time when the family was excluded—almost a 50% improvement (which is actually desired).
Given this observation, I’m wondering if this NVT family is essential for unauthenticated scans. My assumption is that most NVTs in this family require credentialed access to identify vulnerabilities effectively, but I’d like to confirm if this is accurate.
2. Is the “Web Application Abuse” family relevant for laptop/desktop scans?
If the scan target is limited to laptops and desktops, would it make sense to include this NVT family? From what I understand, this family seems more relevant to web application vulnerabilities, which might not typically be associated with standard laptops or desktops.
Is there any scenario where this family could provide meaningful results when scanning laptops/desktops, or would it be safe to exclude it in such cases?
I’d greatly appreciate insights from anyone with experience or knowledge regarding these questions. Thank you in advance for your time and help!