Re: Qualys

[Byron Sonne <blsonne () rogers com>]

Greetings,

> Qualys was
> one of a small handful of vendors who gave us direct access to
> their developers (Qualys, eEye, NGS come to mind) and the only
> vendor that actually provided us source code for exploit tests
> so that we could manually verify on our end what was being
> performed by the checks.

Cool, cool... I always wondered how other vendors handled that kind of 
thing. We display the actual rule used in all the reports (I wouldn't 
trust anything that I couldn't see under the hood of) and always have, I 
think. Added bonus is customers can also use them as templates for 
writing their own custom rules...  cool like NASL, but more nCirclish ;)
</plug>

On another note, I was thinking... is this the right list for vm type 
talk? I don't think there's another specific vm SecurityFocus list. I'm 
not suggesting starting a new one if people are happy with keeping it in 
pen-test... any opinions?

Cheers,
B



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------