Penetration Testing mailing list archives
Re: Qualys
From: Byron Sonne <blsonne () rogers com>
Date: Fri, 10 Feb 2006 21:05:22 -0500
Greetings,
Qualys was one of a small handful of vendors who gave us direct access to their developers (Qualys, eEye, NGS come to mind) and the only vendor that actually provided us source code for exploit tests so that we could manually verify on our end what was being performed by the checks.
Cool, cool... I always wondered how other vendors handled that kind of thing. We display the actual rule used in all the reports (I wouldn't trust anything that I couldn't see under the hood of) and always have, I think. Added bonus is customers can also use them as templates for writing their own custom rules... cool like NASL, but more nCirclish ;)
</plug>On another note, I was thinking... is this the right list for vm type talk? I don't think there's another specific vm SecurityFocus list. I'm not suggesting starting a new one if people are happy with keeping it in pen-test... any opinions?
Cheers, B ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Qualys, (continued)
- Message not available
- Re: Qualys Christoph Puppe (Feb 12)
- Re: Qualys Gail Thorpe (Feb 09)
- Re: Qualys Curt Purdy (Feb 09)
- Re: Qualys Ben Nelson (Feb 09)
- Re: Qualys Ivan Arce (Feb 13)
- Re: Qualys Amit (Feb 12)
- Re: Qualys Byron Sonne (Feb 11)