Penetration Testing mailing list archives
RE: Pentesting tool - Commercial
From: "Ferris, Joe" <jferris () admin fsu edu>
Date: Wed, 27 Feb 2008 13:21:07 -0500
We have a large deployment of NeXpose and have been pleased with the overall effectiveness of our penetration testing and vulnerability assessment programs. We run a variety of configured scans and have them scheduled to automatically kick off each hour, day and night. One of the major contributors to the success of this program has been the remote administration capabilities of the product that includes detailed remediation documentation on each vulnerability. According to your "major factors considered", NeXpose would cover those requirements and much more. Regards, Joe Ferris
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Andre Gironda Sent: Tuesday, February 26, 2008 2:46 PM To: pen-test Subject: Re: Pentesting tool - Commercial On Tue, Feb 26, 2008 at 1:39 AM, Ramki B <bramkie () gmail com> wrote:Core Impact is the best fit for my requirement followed by ISS. Andfor VANessus is the best choice.ISS and Nesss are redundant. Most people prefer neXpose or Qualys to Nessus, and some even prefer Foundscan to Nessus (for reporting, although I don't know why personally). There were some recent [pulled] evaluations and neXpose came out way ahead, although like I've mentioned on other lists, the best-of-breed would be to combine Rapid7 neXpose with Tenable PVS. Core Impact is fine, but what about the other 400 exploits packaged with CANVAS, Gleg/Argeniss, and Metasploit? I haven't even included the CANVAS sharing alliance or D2 pack statistics, which I don't really have readily available. Core Impact barely has 200 exploits all by itself. Cheers, Andre
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: Pentesting tool - Commercial, (continued)
- RE: Pentesting tool - Commercial Foster, Matt (Feb 25)
- RE: Pentesting tool - Commercial Ramki B (Feb 26)
- Re: Pentesting tool - Commercial Andre Gironda (Feb 26)
- Re: Pentesting tool - Commercial Erin Carroll (Feb 27)
- Re: Pentesting tool - Commercial Trygve Aasheim (Feb 27)
- Re: Pentesting tool - Commercial Andre Gironda (Feb 27)
- Re: Pentesting tool - Commercial Trygve Aasheim (Feb 28)
- Re: Pentesting tool - Commercial Chris McNab (Feb 28)
- Re: Pentesting vs VA - was Pentesting tool - Commercial Robert E. Lee (Feb 28)
- RE: Pentesting tool - Commercial Ramki B (Feb 26)
- RE: Pentesting tool - Commercial Foster, Matt (Feb 25)
- AW: Pentesting tool - Commercial puppe (Feb 27)
- RE: Pentesting tool - Commercial Ferris, Joe (Feb 27)
- RE: Pentesting tool - Commercial Trygve Aasheim (Feb 25)
- Re: Pentesting tool - Commercial Terry Cutler (Feb 25)