Re: VA vs PT tool

[James Fields <jvfields () tds net>]

I didn't see this on your list below but I would be surprised if no one
had suggested it...

Nessus (www.nessus.org) will do *some* of that depending upon the
vulnerability and how you configure Nessus to do the scan.  The
following are advantages/disadvantages depending upon your point of
view:

1.  Runs on Linux (as a server, there are clients for other platforms
for driving the scans)
2.  Open-source
3.  Plugin-based allowing for quick and regular updates to
vulnerabilities checked
4.  Many plugins written using Nessus' own scripting language making
them fairly easy to look at and modify

Biggest disadvantage is it really isn't well documented how to use it to
greatest effect, but it's free so it doesn't cost anything to play with
it and see if it does what you need.

On Thu, 2003-06-12 at 22:07, SimonChan () lifeisgreat com sg wrote:
> Hi,
>
> i posted some time on the list a couple of months back for some
> recommendations on a good VA tool.
>
> The bulk of the responses pointed to ISS, NetRecon and Vigilante.
>
> However, a VA tool is limited, in that it only stops at the vulnerability.



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------