Penetration Testing mailing list archives

RE: Pentesting tool - Commercial

From: "Ferris, Joe" <jferris () admin fsu edu>
Date: Wed, 27 Feb 2008 13:21:07 -0500

We have a large deployment of NeXpose and have been pleased with the
overall effectiveness of our penetration testing and vulnerability
assessment programs.  We run a variety of configured scans and have them
scheduled to automatically kick off each hour, day and night.  One of
the major contributors to the success of this program has been the
remote administration capabilities of the product that includes 
detailed remediation documentation on each vulnerability.  According to
your "major factors considered", NeXpose would cover those requirements
and much more.

Regards,
Joe Ferris

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Andre Gironda
Sent: Tuesday, February 26, 2008 2:46 PM
To: pen-test
Subject: Re: Pentesting tool - Commercial

On Tue, Feb 26, 2008 at 1:39 AM, Ramki B <bramkie () gmail com> wrote:

 Core Impact is the best fit for my requirement followed by ISS. And

for VA

 Nessus is the best choice.


ISS and Nesss are redundant.  Most people prefer neXpose or Qualys to
Nessus, and some even prefer Foundscan to Nessus (for reporting,
although I don't know why personally).  There were some recent
[pulled] evaluations and neXpose came out way ahead, although like
I've mentioned on other lists, the best-of-breed would be to combine
Rapid7 neXpose with Tenable PVS.

Core Impact is fine, but what about the other 400 exploits packaged
with CANVAS, Gleg/Argeniss, and Metasploit?  I haven't even included
the CANVAS sharing alliance or D2 pack statistics, which I don't
really have readily available.  Core Impact barely has 200 exploits
all by itself.

Cheers,
Andre



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

RE: Pentesting tool - Commercial, (continued)
- RE: Pentesting tool - Commercial Foster, Matt (Feb 25)
  - RE: Pentesting tool - Commercial Ramki B (Feb 26)
    - Re: Pentesting tool - Commercial Andre Gironda (Feb 26)
    - Re: Pentesting tool - Commercial Erin Carroll (Feb 27)
    - Re: Pentesting tool - Commercial Trygve Aasheim (Feb 27)
    - Re: Pentesting tool - Commercial Andre Gironda (Feb 27)
    - Re: Pentesting tool - Commercial Trygve Aasheim (Feb 28)
    - Re: Pentesting tool - Commercial Chris McNab (Feb 28)
    - Re: Pentesting vs VA - was Pentesting tool - Commercial Robert E. Lee (Feb 28)
    - AW: Pentesting tool - Commercial puppe (Feb 27)
    - RE: Pentesting tool - Commercial Ferris, Joe (Feb 27)
- Re: Pentesting tool - Commercial M.B.Jr. (Feb 27)
- Re: Pentesting tool - Commercial Yousif (Feb 22)
  - RE: Pentesting tool - Commercial Trygve Aasheim (Feb 25)
    - Re: Pentesting tool - Commercial Terry Cutler (Feb 25)