Penetration Testing mailing list archives
Re: Vulnerability scanners
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 27 Mar 2003 18:01:42 -0500 (EST)
On Thu, 27 Mar 2003, Chris Sharp wrote:
Does Qualys' claim to more vulnerability signatures and faster/easier updatesholdwater?Well the front page of qualys.com claims that they scan for 2531 vulnerabilities, that's twice what Nessus (1378) or ISS (1218) claim. As for updates, it's all on their servers and hardware, set it up once and forget abotu software updates. Fire and forget. Not sure about the rate of false positives, but my impression is that they're cautious, only reporting False positives for dangerous bugs. They don't do active tests, so they don't exploit known bugs and crash servers during testing. A lot of Nessus modules need to be launched manually and result in the scanned machine needing a reboot - somewhat inconvenient but it removes any doubt as to how vulnerable you are.
Not totally, one of the recent Information Security issues tested nessus, iss, and a few other scanners. Not one came out with shining colors, though iss and nessus ranked first and second. but, it was what they could not do well and such that was the real meat of the article. The scan is only the beginning, a point of reference from which the real work begins in trying to ascertain how vulnerable one might be. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
Current thread:
- Re: Vulnerability scanners, (continued)
- Re: Vulnerability scanners Alvin Oga (Mar 27)
- RE: Vulnerability scanners Rob Shein (Mar 27)
- Re: Vulnerability scanners Alex Russell (Mar 27)
- Re: Vulnerability scanners Nicolas Gregoire (Mar 27)
- Re: Vulnerability scanners R. DuFresne (Mar 27)
- RE: Vulnerability scanners Ken Smith (Mar 27)
- RE: Vulnerability scanners Rosado, Rafael (Rafael) (Mar 27)
- RE: Vulnerability scanners Rosado, Rafael (Rafael) (Mar 27)
- Re: Vulnerability scanners Jeff Williams @ Aspect (Mar 27)
- Re: Vulnerability scanners Chris Sharp (Mar 27)
- Re: Vulnerability scanners R. DuFresne (Mar 27)
- Re: Vulnerability scanners Paris Stone (Mar 27)
- RE: Vulnerability scanners Michael Welch (Mar 27)
- RE: Vulnerability scanners Derrick Johnson (Mar 28)
- Re: Vulnerability scanners Roman Medina (Mar 28)
- RE: Vulnerability scanners David Nester (Mar 28)
- RE: Vulnerability scanners Michael Welch (Mar 27)