Penetration Testing mailing list archives
Re: Vulnerability Assessment
From: Kish Pent <kish_pent () yahoo com>
Date: Tue, 24 Jul 2007 11:02:24 -0700 (PDT)
To the list, and to everyone that speaks for Qualysguard.

I personally confirmed the fact that tier-2 researchers work for their R&D team, from their Asia-Pacific contact, Mr. Howard Buzick. I used the engine 5.x of Qualysguard, consulting version. I evaluated Qualys for 30 days, along with other scanners, which include ISS, Foundstone, Retina, GFI Languard, and Nessus of course ;)

At the end of the exhaustive 7 day exercise, Nessus & Retina seemed to be fairly good compared to other scanners. GFI Languard, at best, is described to be a toy scanner. ISS is not really cool either. Qualysguard was the worst scanner, with "the most less no of vulns" tracked to date (around 5300, if I remember correctly).

If someone wants proof, you can email me in private, since the evaluation was done as a part of the company's decision to buy a scanner for consulting + in-house work.

Nessus has around 14,500+ plugins roughly (updated last night). Strongly recommend Nessus for a scanning option.

It doesn't make too much sense investing by "belief". If you think you have to buy, why not test it rigorously before buying to see the proof. After all, as the saying goes, "THE PROOF OF THE PUDDING IS IN THE EATING".

Regards
Kish

--- Danux <danuxx () gmail com> wrote:
Well, Qualys Guard is one of the most used by leading corporate enterprises. When you see a new vulnerability going out to the public (through Microsoft, Bugtraq, and so on), the Qualys Guard team discovered it one week ago. And let me tell you something: historically, McAfee is "only-good" for viruses, but for threat discovery they are not the best solution.

You should check which kind of companies have McAfee Foundstone and which have Qualys Guard (I work for one of the world-leading financial companies, which used Qualys in all the WORLD!!!!). I think it's a good reference.

Hope this helps.

On 7/23/07, Colin Grady <colin.grady () gmail com> wrote:

Uzair,

Have you looked at Critical Watch (http://www.criticalwatch.com/)?

Colin

On 6/4/07, Uzair Hashmi <uzair () kse com pk> wrote:

Hello list,

I have been evaluating automated vulnerability assessment software, and have found two of them better for the organizational needs. I need your help to select only one out of the two.

1- QualysGuard (http://www.qualys.com)
2- Foundstone Enterprise (http://www.mcafee.com/us/enterprise/products/vulnerability_management/foundstone_enterprise.html)

Please advise.

Regards,
Uzair
Kishore
Penetration Tester
Smart Security
T.Nagar, Chennai
Phone: 91 98841 80767