PaulDotCom mailing list archives
Re: vulnerability scanners
From: Paul Asadoorian <paul () pauldotcom com>
Date: Tue, 31 Aug 2010 13:10:23 -0400
Hi Andrew, I wasn't sure from your email if you were comparing penetration testing frameworks to vulnerability scanners, but they should be thought of, and treated as, separate products. In short: a vulnerability scanner is going to give you a comprehensive view of your vulnerabilities. An exploit framework is going to give you more depth and intrusiveness into the vulnerabilities that exist. My other suggestion is that when you compare vulnerability scanners, don't use the default settings to compare. Take the time to test each one against a test environment and tune the scanner accordingly. Also, your targets should be real, and you should have a pretty good idea the vulnerabilities that exist before you start running scans. There is a lot more to take into consideration, feel free to ping me with specific questions. Hope that helps! Cheers, Paul On 8/31/10 12:02 PM, Andrew Anderson wrote:
So I'm looking to justify the purchase of a vulnerability scanning product and am looking for some objective opinions. I am partial to Nessus, due in part to the fact that I have used it before and it's price is really attractive. I am looking at Core as well - trying to figure out which on of their products lines up best with Nessus proffesional feed (for comparisons). Can anyone point me to a decent third party comparison online? Does anyone have any suggestions for a third contender for my list? _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Paul Asadoorian PaulDotCom Enterprises Web: http://pauldotcom.com Phone: 401.829.9552 Fax: 1.877.846.2187 _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- vulnerability scanners Andrew Anderson (Aug 31)
- Re: vulnerability scanners Butturini, Russell (Aug 31)
- Re: vulnerability scanners Michael Douglas (Aug 31)
- Re: vulnerability scanners Paul Asadoorian (Aug 31)
- Re: vulnerability scanners Daniel (Aug 31)
- Re: vulnerability scanners Albert R. Campa (Aug 31)
- Re: vulnerability scanners Francois Lachance (Sep 02)
- Re: vulnerability scanners Michael Dickey (Aug 31)
- <Possible follow-ups>
- Re: Vulnerability Scanners Herndon Elliott (Sep 01)
- Re: Vulnerability Scanners Albert R. Campa (Sep 01)
- Re: vulnerability scanners Butturini, Russell (Aug 31)