Improving Web Application Security: Threats and Countermeasures

Before using this How To, you should be aware of the following:

• You can use MBSA by using the graphical user interface (GUI) or from the command line. The GUI executable is Mbsa.exe and the command line executable is Mbsacli.exe.

• MBSA uses ports 138 and 139 to perform its scans .

• MBSA requires administrator privileges on the computer that you scan. The options /u (username) and /p (password) can be used to specify the username to run the scan. Do not store user names and passwords in text files such as command files or scripts.

• MBSA requires the following software:

  • Windows NT 4.0 SP4 and above, Windows 2000, or Windows XP (local scans only on Windows XP computers that use simple file sharing).

  • IIS 4.0, 5.0 (required for IIS vulnerability checks).

  • SQL 7.0, 2000 (required for SQL vulnerability checks).

  • Microsoft Office 2000, XP (required for Office vulnerability checks).

  • The following services must be installed/enabled: Server service, Remote Registry service, File & Print Sharing.

  • The section Additional Information later in this How To includes tips on working with MBSA.