Re: vulnerability scanners

[Paul Asadoorian <paul () pauldotcom com>]

Hi Andrew,

I wasn't sure from your email if you were comparing penetration testing
frameworks to vulnerability scanners, but they should be thought of, and
treated as, separate products.

In short: a vulnerability scanner is going to give you a comprehensive
view of your vulnerabilities.

An exploit framework is going to give you more depth and intrusiveness
into the vulnerabilities that exist.

My other suggestion is that when you compare vulnerability scanners,
don't use the default settings to compare.  Take the time to test each
one against a test environment and tune the scanner accordingly.  Also,
your targets should be real, and you should have a pretty good idea the
vulnerabilities that exist before you start running scans. There is a
lot more to take into consideration, feel free to ping me with specific
questions.

Hope that helps!

Cheers,
Paul

On 8/31/10 12:02 PM, Andrew Anderson wrote:
> So I'm looking to justify the purchase of a vulnerability scanning
> product and am looking for some objective opinions.
>
> I am partial to Nessus, due in part to the fact that I have used it
> before and it's price is really attractive.
> I am looking at Core as well - trying to figure out which on of their
> products lines up best with Nessus proffesional feed (for comparisons).
>
> Can anyone point me to a decent third party comparison online?
> Does anyone have any suggestions for a  third contender for my list?
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
Fax: 1.877.846.2187
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com