Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Best Commercial Vulnerability Scanner

From: "Andy Cuff (Talisker)" <SecurityLists () securitywizardry com>
Date: Fri, 15 Aug 2008 21:59:30 +0100
Hi Danux,
We've spent sometime breaking down Vulnerability scanners into a variety of
sub categories depending on what you need them to do, from your product
choice you appear to be looking for a Website Scanner, our breakdown is as
follows:

At the top of the tree is Distributed vulnerability scanners which generally
serve enterprises or managed services where you need to distribute the
scanning engines due to bandwidth constraints etc
We have listed them here
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Product
s/Distributed-Scanners.html

Beneath this would come your network vulnerability scanners, such as Nessus
or Hailstorm (Cenzic)
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Product
s/Network-Scanners.html

Then you start to get specialised such as with web testing with products
like your Acunetix product, which I just added to the listing along with SPI
Dynamics which I now understand to be WebInspect after it's acquisition by
HP
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Product
s/Website-Scanners.html

Database Scanners
http://www.networkintrusion.co.uk/index.php/component/mtree/Scanning-Product
s/Database-Scanners.html

Watchfire has been acquired by IBM, blue rinsed and integrated into Rational
software quality management solutions.  I can't find much reference to it on
the IBM site

We also have categories for 
Active and Passive OS Fingerprinting tools such as nmap and P0F
Network enumerators
Network mappers (enterprise)
Vulnerability Exploiters such as Metasploit and Core

The site is a new reincarnation of our old site, some of the listings are
dated and I need people to rate and review the products.  We hope to launch
it properly once it's finished sometime in September

Regards    

Andy Cuff
Computer Network Defence Ltd
www.networkintrusion.co.uk






We are doing vulnerability testing using SPI Dynamics with 
Mercury Quality Center to defect management but this tool is 
too expensive
(SPI) and also when using with MQC it is too slow.

In the past i have used Acunetix, i think is faster than SPI 
Dynamics but i dont know about the price.

do you know if Gartner, personal experience or other source 
where i can have a comparison between those kind of products?
I mean like SPI Dynamics, WatchFire, Acunetix, Cenzic, so on.

We are looking cheaper costs, better performance and good 
vulnerability defect management.

Thanks a lot.

--
Danux, CISSP, OSCP, ISO27001

--------------------------------------------------------------
----------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
--------------------------------------------------------------
----------







------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: