PaulDotCom mailing list archives

Re: openvas vs nessus


From: Ron Gula <rgula () tenable com>
Date: Tue, 14 Dec 2010 06:17:40 -0500

On 12/13/2010 6:17 PM, Robin Wood wrote:
I was wondering if anyone used both OpenVas and Nessus while on tests
and if so how do you find the results, do they tend to match, does one
have more false positives/negatives than the other?

I'm thinking for tests where stealth isn't an issue it might be nice
to run both scanners but if they both detect the same issues then it
isn't worth the effort.


When testing vulnerability scanners, it's important to realize there are
very different segments of code that go into a scanner. Although OpenVAS
is based on Nessus2, there have been many major changes in Nessus over
the past few years you should consider.

For un-credentialed checks (scanning without admin rights) you should
consider how fast the scan runs, the number of ports/hosts scanned and
the overall false positive/negative rate.

For credentialed checks speed is also something you should consider.
False positives are less of an issue with credentialed checks, but false
negatives are a big issue. Lots of other scanners besides Nessus miss
3rd party apps like java, trend, iTunes, etc. and only focus on patches
related to the OS. Doing things like running netstat during a port-scan
dramatically changes the speed of the scan as well.

In general if you watch the amount of memory used by your scanner while
it is scanning, you can get a sense of how well it will scan when
testing 100s of hosts, 1000s of hosts, etc.

If you are doing PCI, FDCC, CIS or other types of audits, Tenable added
config auditing to Nessus so you can report on these types of standards.

If folks have test results of Nessus and other scanners, I am always
interested in how things performed.

-- 
Ron Gula, CEO
Tenable Network Security
http://www.tenable.com
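As an added example (not part of the thread, and not Nessus or OpenVAS code), here is one way to answer Robin's question in practice: normalise each scanner's findings to (host, port, vulnerability id), score them against a hand-verified baseline for false positive and false negative rates, and measure what a second scanner actually adds. All hosts, ports and vulnerability ids below are constructed test data, and the baseline is assumed to have been verified manually.

```python
"""Compare two scanners' findings with each other and with a verified baseline."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanQuality:
    true_positives: int
    false_positives: int
    false_negatives: int

    @property
    def fp_rate(self) -> float:
        """Share of reported findings that were wrong."""
        reported = self.true_positives + self.false_positives
        return self.false_positives / reported if reported else 0.0

    @property
    def fn_rate(self) -> float:
        """Share of real issues the scanner missed."""
        real = self.true_positives + self.false_negatives
        return self.false_negatives / real if real else 0.0


def normalise(findings):
    """Canonicalise so the same issue reported by two tools compares equal."""
    return {(h.strip().lower(), int(p), v.strip().lower()) for h, p, v in findings}


def score(findings, truth) -> ScanQuality:
    f, t = normalise(findings), normalise(truth)
    return ScanQuality(len(f & t), len(f - t), len(t - f))


def extra_true_findings(primary, secondary, truth):
    """Real issues the second scanner adds beyond the first: is running both worth it?"""
    p, s, t = normalise(primary), normalise(secondary), normalise(truth)
    return (s & t) - p


# Constructed lab baseline (assumed verified by hand), not real scan output.
TRUTH = {("10.0.0.5", 22, "openssh-outdated"), ("10.0.0.5", 443, "tls-weak-cipher"),
         ("10.0.0.7", 445, "smb-signing-off"), ("10.0.0.9", 8080, "java-outdated")}
# Constructed outputs of two hypothetical uncredentialed scans of the same hosts.
SCANNER_A = {("10.0.0.5", 22, "OpenSSH-outdated"), ("10.0.0.5", "443", "tls-weak-cipher"),
             ("10.0.0.7", 445, "smb-signing-off"), ("10.0.0.7", 80, "http-trace")}  # last one is a false positive
SCANNER_B = {("10.0.0.5", 22, "openssh-outdated"), ("10.0.0.7", 445, "smb-signing-off"),
             ("10.0.0.9", 8080, "java-outdated")}  # misses the TLS issue, catches the 3rd-party app

if __name__ == "__main__":
    for name, s in (("A", SCANNER_A), ("B", SCANNER_B), ("A+B", SCANNER_A | SCANNER_B)):
        q = score(s, TRUTH)
        print(f"{name}: TP={q.true_positives} FP={q.false_positives} FN={q.false_negatives} "
              f"fp_rate={q.fp_rate:.2f} fn_rate={q.fn_rate:.2f}")
    print("B adds over A:", extra_true_findings(SCANNER_A, SCANNER_B, TRUTH))
```

Pointing both tools at the same lab hosts and feeding their exports through this kind of comparison gives a concrete answer to "do they tend to match" rather than an impression.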



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

