Penetration Testing mailing list archives
Re: Why eEye Retina (was MBSA scanner)
From: Shawn Edwards <shawn.edwards () nokia com>
Date: Thu, 22 Apr 2004 09:17:08 +0000
ext Mike Murray wrote:
Agreed. And maybe my formatting of the email was mistaken. I was moreso coming to the defence of the company on the blanket statement of not being 'impressive', but it was not meant as an exclusive criteria for evaluation of their products. My evaluation discussion (albeit brief and somewhat thrown together) was moreso on three previous points.I know for a fact that they have some very skilled persons doing dev there. ... Just check some of their development discoveries that's gotta count for something!While this is definitely an argument for the fact that a company has very smart people working for it (which is definitely not in question in eEye's case), I question the validity of the argument as far as theevaluation of a network VA tool.
we'd all be buying something that Dave Aitel wrote.
No doubt.
And of course this is one of the strong points of nCircle's product (in my so far somewhat limited evaluation). The statement I made on "Some may have better methodologies on enumeration" was with your methodology in mind. Of course I digress and won't bother touting one product over another as there are very many points of contention, and was hoping to keep my contribution to the conversation a little more 'high-level'. Thanks for the comments Mike!While it is often given as a reason that one tool is better than another, it simply doesn't follow that an aptitude for discovering new vulnerabilities in code is the same as an aptitude for discovering knownvulnerabilities in running services in the real world.
br, s -- Office Website: http://linux.nokia.com/~shards Personal Website: http://%6A%6A%6A%2E%78%65%6C%63%67%30%74%33%33%78%2E%62%65%74 ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Re: Why eEye Retina (was MBSA scanner), (continued)
- Re: Why eEye Retina (was MBSA scanner) Peter Wood (Apr 21)
- RE: Why eEye Retina (was MBSA scanner) Steve (Apr 21)
- RE: Why eEye Retina (was MBSA scanner) Bojan Zdrnja (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Steve (Apr 21)
- Re: Why eEye Retina (was MBSA scanner) Shawn Edwards (Apr 21)
- Re: Why eEye Retina (was MBSA scanner) Bobby . Clarke (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Cam Beasley, ISO (Apr 21)
- RE: Why eEye Retina (was MBSA scanner) Chris Hurley (Apr 21)
- RE: Why eEye Retina (was MBSA scanner) Lovrien, Scott (Apr 21)
- Re: Why eEye Retina (was MBSA scanner) Renaud Deraison (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Mike Murray (Apr 22)
- Re: Why eEye Retina (was MBSA scanner) Shawn Edwards (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Robert E. Lee (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Peter Benson (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Doty, Stephen (BearingPoint) (Apr 22)
- Re: Why eEye Retina (was MBSA scanner) Rainer Duffner (Apr 24)
- RE: Why eEye Retina (was MBSA scanner) Riley Hassell (Apr 22)
- Re: Why eEye Retina (was MBSA scanner) clarke-cummings () columbus rr com (Apr 23)
- RE: Why eEye Retina (was MBSA scanner) Steve Goldsby (ICS) (Apr 26)
- Re: Why eEye Retina (was MBSA scanner) Peter Wood (Apr 21)