Penetration Testing mailing list archives
RE: Best Commercial Vulnerability Scanner
From: "Andy Cuff (Talisker)" <SecurityLists () securitywizardry com>
Date: Fri, 15 Aug 2008 21:59:30 +0100
Hi Danux,

We've spent some time breaking down Vulnerability scanners into a variety of sub categories depending on what you need them to do. From your product choice you appear to be looking for a Website Scanner. Our breakdown is as follows:

At the top of the tree are Distributed vulnerability scanners, which generally serve enterprises or managed services where you need to distribute the scanning engines due to bandwidth constraints etc. We have listed them here:
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Products/Distributed-Scanners.html

Beneath this would come your network vulnerability scanners, such as Nessus or Hailstorm (Cenzic):
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Products/Network-Scanners.html

Then you start to get specialised, such as with web testing, with products like your Acunetix product, which I just added to the listing along with SPI Dynamics, which I now understand to be WebInspect after its acquisition by HP:
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Products/Website-Scanners.html

Database Scanners:
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Products/Database-Scanners.html

Watchfire has been acquired by IBM, blue rinsed and integrated into Rational software quality management solutions. I can't find much reference to it on the IBM site.

We also have categories for:
- Active and Passive OS Fingerprinting tools such as nmap and P0F
- Network enumerators
- Network mappers (enterprise)
- Vulnerability Exploiters such as Metasploit and Core

The site is a new reincarnation of our old site; some of the listings are dated and I need people to rate and review the products. We hope to launch it properly once it's finished, sometime in September.

Regards
Andy Cuff
Computer Network Defence Ltd
www.networkintrusion.co.uk
We are doing vulnerability testing using SPI Dynamics with Mercury Quality Center for defect management, but this tool is too expensive (SPI) and also when using it with MQC it is too slow.

In the past I have used Acunetix; I think it is faster than SPI Dynamics but I don't know about the price.

Do you know of Gartner, personal experience or another source where I can find a comparison between those kinds of products? I mean like SPI Dynamics, WatchFire, Acunetix, Cenzic, and so on.

We are looking for cheaper costs, better performance and good vulnerability defect management.

Thanks a lot.

--
Danux, CISSP, OSCP, ISO27001