RE: Vuln Scanning software choices

["Richard Zaluski" <rzaluski () ivolution ca>]

While CORE and Metasploit are great products (iVOLUTION uses both in our
engagements) they are more on the Penetration side.  I would look at Retina
Network Security Scanner, ISS as well as SAINT (We also use SAINT)

In our engagements we always employ two automated scanners so that results
can be cross referenced to weed out potential false positives.


Richard Zaluski
CISO, Security and Infrastructure Services 
iVOLUTION  Technologies Incorporated
905.309.1911 Ext 600
866.601.4678 Ext 600
www.ivolution.ca
rzaluski () ivolution ca

-----Original Message-----
From: bill.louis () gmail com [mailto:bill.louis () gmail com] On Behalf Of Alice
Bryson
Sent: Friday, March 17, 2006 7:02 AM
To: Tblinux
Cc: pen-test () securityfocus com
Subject: Re: Vuln Scanning software choices

hi
    Core Impact and CANVAS are very good pen test tool.
    Metasploit is a free version of pen test tool, you could try it.

2005/11/11, Tblinux <TBLinux () covad net>:
> I know that most if not all of you use or have used Nessus at some
> point. I've been following the thread. Now that it appears that Nessus
> is seriously ratcheting down support for independent consultants and
> corporate / gov't users without a registered and paid for license what
> scanning software are you considering? Has anyone done a *complete*
> comparison of all of the scanning software out there and made a choice
> based on the findings? If so what was it?
>
> I work for a fairly large company and the contract negotiations with
> Tenable are going poorly and the company I work for is looking at the
> options.
>
> Any input would be greatly appreciated!!!!
----------------------------------------------------------------------------
--
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
> futile against web application hacking. Check your website for
vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
>


--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com

----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to
proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).

Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
----------------------------------------------------------------------------
--




------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------