Penetration Testing mailing list archives
Re: Qualys
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 9 Feb 2006 06:03:32 -0500
FYI, I did an analysis of a bank's (not mine) vuln test by Qualys and EVERY "found vulnerability" was a false positive i.e. a found Apache vuln on an IIS server. I would never spend good money using them.

While I'm at it I will dis NetBankAudit. We spent $5K to have them do a "pentest" of an acquisition and they found one small problem. I followed that up with my own pentest between 10pm and 4am the following Sunday and found SEVEN serious problems. We will never use them again.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
-----Original Message-----
From: Byron Sonne [mailto:blsonne () rogers com]
Sent: Wednesday, February 08, 2006 11:08 AM
To: US Infosec
Cc: pen-test () securityfocus com
Subject: [lists] Re: Qualys

Greetings,

> nCircle came to do a demonstration for my team once. I work in an
> environment that has a full routable class A. I asked the technical
> guy there if they had ever deployed their appliances in a Class A
> environment and he said sure we have supported clients with 60K hosts.
> That was the end of our consideration.

How long ago did you give it a demo? That sounds like it must have been a good while ago, or perhaps there was a misunderstanding of some sort. For folks with class A networks, something that big you'd deploy multiple units of our product as per our product architecture and design, as most orgs of that kind of size have done.

If you like, I could put you in touch with someone inside the company that could discuss any issues you had.

If I may ask, who did you opt to go with instead of nCircle?

Cheers,
Byron