Educause Security Discussion mailing list archives
Re: Penetration Testing Software
From: "Rue, Brian R." <brue () ADMIN FSU EDU>
Date: Tue, 10 Mar 2009 09:53:02 -0400
I second Joel's comment on Rapid7. It supports general security and specialty vulnerability scans/pen testing for PCI DSS/HIPPA/FERPA/GLB. Also, used as a valuable tool for our campus unit server audit process (http://security.fsu.edu/ITSEC/ITSEC%20Server%20Security%20Audit%2007110 6_files/frame.htm). Brian R. Rue, CPA, CISA, CIA Assistant Director, Information Security Florida State University Tallahassee, FL 32310-2760 Work 850.645.8056 Web site: security.fsu.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt Sent: Tuesday, March 10, 2009 9:32 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Penetration Testing Software We use Nexpose from Rapid7 and are very happy with it. Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Tuesday, March 10, 2009 9:24 AM -0400 Karen Stopford <stopfordk () CT EDU> wrote:
Core Impact is a little pricey, but you may get a break on licensing
costs and can reduce the overall price by limiting the number of hosts/networks you scan
at any given time. Core also provides external PEN testing services,
and in my last analysis their price/performance far outdid the competition.
Their Web site is http://www.coresecurity.com/ . C. Karen Stopford, CISSP Associate Executive Officer for I.T. Security CT State University System 39 Woodland Street Hartford, CT 06105 (860) 493-0116 Note: This email does is not intended to serve as an endorsement of
any product or service, and the opinion expressed herein is solely that of the author
based on prior private sector experience, and does not in any way
reflect the opinion or position of the CT State University System. From: The EDUCAUSE
Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James R. Pardonek
Sent: Monday, March 09, 2009 5:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Penetration Testing Software We are looking at penetration testing, either by a third party or by
using purchased software in-house. I was curious what others were doing, some costs and
issues.
Thanks, James R. Pardonek, CISSP Senior Network Administrator Network Infrastructure Management and Maintenance Computing Technology and Information Services Purdue University Calumet Hammond, Indiana
Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- Penetration Testing Software James R. Pardonek (Mar 09)
- <Possible follow-ups>
- Re: Penetration Testing Software Daniel Bennett (Mar 10)
- Re: Penetration Testing Software Karen Stopford (Mar 10)
- Re: Penetration Testing Software Joel Rosenblatt (Mar 10)
- Re: Penetration Testing Software Axworthy, Heather (Mar 10)
- Re: Penetration Testing Software Jay Tumas (Mar 10)
- Re: Penetration Testing Software Rue, Brian R. (Mar 10)
- Re: Penetration Testing Software King, Ronald A. (Mar 10)
- Re: Penetration Testing Software David Grisham (Mar 10)
- Re: Penetration Testing Software Curt Wilson (Mar 11)
- Re: Penetration Testing Software randy marchany (Mar 11)
- Re: Penetration Testing Software Christopher Jones (Mar 11)