Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: vulnerability scanners
From: "Daniel" <Daniel () virturity com>
Date: Tue, 31 Aug 2010 19:18:16 +0100

Maybe GFI Languard is worth a look as well depending on your requirements
and environment.
http://www.gfi.com/lannetscan

Free trial and i think 5 IP free after the trial ran out, so always good to
have around for a quick scan or comparison of results.

Daniel

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com
[mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Paul Asadoorian
Sent: 31 August 2010 18:10
To: PaulDotCom Security Weekly Mailing List
Cc: Andrew Anderson
Subject: Re: [Pauldotcom] vulnerability scanners

Hi Andrew,

I wasn't sure from your email if you were comparing penetration testing
frameworks to vulnerability scanners, but they should be thought of, and
treated as, separate products.

In short: a vulnerability scanner is going to give you a comprehensive
view of your vulnerabilities.

An exploit framework is going to give you more depth and intrusiveness
into the vulnerabilities that exist.

My other suggestion is that when you compare vulnerability scanners,
don't use the default settings to compare.  Take the time to test each
one against a test environment and tune the scanner accordingly.  Also,
your targets should be real, and you should have a pretty good idea the
vulnerabilities that exist before you start running scans. There is a
lot more to take into consideration, feel free to ping me with specific
questions.

Hope that helps!

Cheers,
Paul

On 8/31/10 12:02 PM, Andrew Anderson wrote:
So I'm looking to justify the purchase of a vulnerability scanning
product and am looking for some objective opinions.

I am partial to Nessus, due in part to the fact that I have used it
before and it's price is really attractive.
I am looking at Core as well - trying to figure out which on of their
products lines up best with Nessus proffesional feed (for comparisons).

Can anyone point me to a decent third party comparison online?
Does anyone have any suggestions for a  third contender for my list?



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
Fax: 1.877.846.2187
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault