Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: Vulnerability solution
From: "Ofer Shezaf" <ofer () shezaf com>
Date: Sun, 18 Nov 2012 11:41:02 +0200

I'd like to take the opportunity to reply on Guillermo's message, as it is
one of the few in the threat that makes any sense (actually it makes a lot
of sense). Offering Nessus as an answer to Mohamed's original question, is
just not taking either security or Mohamed's question seriously. The large
number of such answers, brings one to contemplate the state of security in
general which I did in a frustrate4d blog post:
http://xiom.com/2012/11/18/do_we_know_security.

~ Ofer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Guillermo Caminer
Sent: Saturday, November 17, 2012 1:09 AM
To: mdaa.uae () gmail com
Cc: webappsec () securityfocus com; pen-test () securityfocus com
Subject: Re: Vulnerability solution

Dear Mohamed,
as somebody already said, there is not a single scanner wich can cover -all-
these components (silver bullet), you will have better luck using different
scanners for different components.

Like everybody said, Nessus is the most general/overall solution.

That been said, if you're serious about your systems security (as I think
you are, because you're looking for a complete scanner solution) I strongly
recommend using a professional pentester, review, among other things, the
source code of your applications and educate your programmers and network
administrators. These are the -only- things that will effectively reduce
your risk and can give you a -real- measure of your systems security.

Scanners only should NOT be used to do a -real- evaluation as this is
misleading.

It's a cliche, but: Security is not a product, is a process.

Sorry for answering something you didn't ask ;)

Best regards.

On 11/14/2012 03:53 AM, mdaa.uae () gmail com wrote:
Dear All

Is there anyone can refer me to vulnerability solution tool that can scan
the system which consists of applications,database and web.the solution
should provide detailed information regarding all the layers in the
enterprise systems.

Thank you

Mohamed





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]