Educause Security Discussion mailing list archives
Re: Vulnerability Assessment tools
From: Jon Hanny <jehanny () GWU EDU>
Date: Wed, 21 Oct 2009 09:49:18 -0400
We use multiple tools. Some that we currently use or have used in the past are: Web Inspect, Cenzic Hailstorm, Qualys, paros, nikto. We run all of our OS's against the CISecurity standards (script based, cisecurity.org). My testers also use various manual testing techniques.

Respectfully,
Jon Hanny, CISSP
Application Security Specialist
The George Washington University
703-726-4469
jehanny () gwu edu
appsec () gwu edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dick Jacobson
Sent: Wednesday, October 21, 2009 9:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Vulnerability Assessment tools

I have been asked by my CIO to again look at Vulnerability Assessment tools for our state Higher Ed network and institutions. We did contract with a consultant a while back for pen testing and this was one of their recommendations for each of our institutions. I remember seeing discussion on this a few years ago but the landscape, I'm sure, has changed. My timeline is pretty condensed so I am asking for your help.

I am looking for suggestions of tools that you might use or have looked at as well as tools you are aware of. We have 11 institutions geographically dispersed and "administered". However, at this point, nothing is off the table. Our solution may be appliance based or software or a hosted solution or a mix of these. Some of our institutions have adequate staff. Others have one or two people who don't have a lot of extra time to add this to their duties.

I am interested in a tool (or multiple?) that will handle web assessment as well as server/endpoint assessment; and database assessment would be a bonus.

Any help you can give me will be greatly appreciated. Thanks.

-----------------------------------------------------------------------
Dick Jacobson
NDUS IT Security Officer
e-mail : Dick.Jacobson () ndus edu
office : STTC 219
phone : 701-231-6280 <NEW phone number>
-----------------------------------------------------------------------