Educause Security Discussion
mailing list archives
From: Andy Rivers <rivers () TENNESSEE EDU>
Date: Thu, 2 Aug 2007 10:48:28 -0400
We are looking at purchasing a new vulnerability scanner to use on our
security assessments, and I was wondering if anyone could provide insight to
some of the tools that they currently use. Right now we use a combination
of open source tools and commercial products, but we are not very happy with
the results that we are getting from our commercial products.
We have three main categories that we assess: database, web, and
workstations/servers. So we are examining if we will get more accurate
results by having a specialized scanner for each category or if there's a
product out there that will accurately and thoroughly scan all three
categories. I would be interested in hearing how some of you currently do
your assessments, do you have a separate tool for each one or do you use the
same scanner for all of them?
Also, we are pretty sure that we are going to have to do an RFP for this, so
if anyone has already done a similar RFP and would be willing to share that
Thanks in advance for you responses.
Senior Security Analyst
Information Security Office
University of Tennessee
rivers () tennessee edu
- Vulnerability Scanners Andy Rivers (Aug 02)