Penetration Testing mailing list archives

Re: Qualys

From: "Sugiowono" <sugiowono () datacomm co id>
Date: Fri, 10 Feb 2006 11:23:34 +0700

Any have a VMS review ? who is the the no.1 now?

----- Original Message -----From: "US Infosec" <usinfosec () gmail com>

To: <pen-test () securityfocus com>
Sent: Thursday, February 09, 2006 11:53 AM
Subject: Re: Qualys

exactly

I also prefer to break the A up, it was just a question.   It was
however important for us
to see if they had ever been in a large environment and needless to
say I was shocked by the guy's response.   I am personally not a big
fan of distributed vm systems anyhow even though everyone is trying to
put one out.   I prefer to scan at a max of a class B at a time with
multiple tools for accuracy and effectiveness of the data.

On 2/8/06, Justin Ferguson <jnferguson () gmail com> wrote:

Everyone seems to have missed what I think was his/her's point. He
asked the *technical* contact if they had every deployed in a Class A
environment (aka 16 million hosts), and he/she responded 'sure we've
supported clients with 60 thousand hosts!' (which isn't even a class b
btw), and the technical ignorance of their technical person is what
closed the door for ncircle. Or at least that is what I get out of his
email, not 'please tell me how i should deploy a vulnerability scanner
in my network' but rather a dialogue on the technical competence of
the employee's.

On 2/8/06, Byron Sonne <blsonne () rogers com> wrote:
> Greetings,
>
> > nCircle came to do a demonstration for my team once.  I work in an
> > enviornment that has a full routable class A.   I asked the technical
> > guy there if they had ever deployed their appliances in a Class A
> > enviornment and he said sure we have supported clients with 60K hosts.
> >    That was the end of our consideration.
>
> How long ago did you give it a demo? That sounds like it must have been
> a good while ago, or perhaps there was a mis-understanding of some sort.
>
> For folks with class A networks, something that big you'd deploy
> multiple units of our product as per our product architecture and
> design, as most orgs of that kind of size have done.
>
> If you like, I could put you in touch with someone inside the company
> that could discuss any issues you had. If I may ask, who did you opt to
> go with instead of nCircle?
>
> Cheers,
> Byron
>
>
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>

> Hackers are concentrating their efforts on attacking applications on> your> website. Up to 75% of cyber attacks are launched on shopping carts,> forms,> login pages, dynamic content etc. Firewalls, SSL and locked-down servers> are> futile against web application hacking. Check your website for> vulnerabilities> to SQL injection, Cross site scripting and other web attacks before> hackers do!

> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website forvulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackersdo!

Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

RE: Qualys slebdawg (Feb 05)
- <Possible follow-ups>
- RE: Qualys Michael Gargiullo (Feb 06)
- RE: Qualys Mark Teicher (Feb 07)
  - Re: Qualys Byron Sonne (Feb 07)
  - Re: Qualys US Infosec (Feb 07)
    - Re: Qualys David M. Zendzian (Feb 07)
    - Re: Qualys Byron Sonne (Feb 08)
    - Re: Qualys Justin Ferguson (Feb 09)
    - Re: Qualys Byron Sonne (Feb 09)
    - Re: Qualys US Infosec (Feb 09)
    - Re: Qualys Sugiowono (Feb 10)
    - Message not available
    - Re: Qualys Christoph Puppe (Feb 12)
    - Re: Qualys Gail Thorpe (Feb 09)
    - Re: Qualys Curt Purdy (Feb 09)
    - Re: Qualys Ben Nelson (Feb 09)
    - Re: Qualys Ivan Arce (Feb 13)
- Re: Qualys Mark Teicher (Feb 08)
- RE: Qualys Michael Gargiullo (Feb 08)
  - Re: Qualys Amit (Feb 12)
- RE: Qualys Michael Gargiullo (Feb 08)
- RE: Qualys Evans, Arian (Feb 10)

(Thread continues...)