RE: Features of a vulnerability scanner

From: Gonenc, Ozan (ogonenc@adga.ca)
Date: Mon Dec 01 2003 - 14:14:14 EST

• Next message: Nexus: "Re: New Articles @ SecurityFocus"
• Previous message: wirepair: "Re: Features of a vulnerability scanner"
• Maybe in reply to: Marc Ruef: "Features of a vulnerability scanner"
• Next in thread: Kohlenberg, Toby: "RE: Features of a vulnerability scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Marc,

Most important (Accuracy and Speed):
Accurate results - ports and the services running on them
Speed of scans
Filter Detection

What's missing:
Customized reporting
3D results
network map generation
updated CVE linkage
applications interface scanners
application code review

______________________________
Ozan Gonenc
IS Security Specialist
AEPOS Technologies Corporation
200-200 Rue Montcalm
Gatineau, Quebec J8Y 3B5
(819) 772-8522 (W)
(819) 772-0449 (F)
http://www.aepos.com
 

-----Original Message-----
From: Marc Ruef [mailto:maru@scip.ch]
Sent: December 1, 2003 05:27
To: pen-test@securityfocus.com
Cc: sectools@securityfocus.com
Subject: Features of a vulnerability scanner

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List

I would like to ask you pen-testers two generic questions about vulnerability scanners:

1. Which features for you are very important or is the most important in a vulnerability scanner software?
2. Which features are you missing in the existing vulnerability scanner products?

A vulnerability scanner in this context is a tool that looks automaticly for potential security holes. There are for example Nessus, ISS Internet Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante, Dante Security Scanner, ... Port scanner and enumeration utilities like nmap, N-Stealth, Whisker or Nikto are here not counted to vulnerability scanners.

Yours,

Marc Ruef

- --
) scip AG (
Technoparkstr. 1
8005 Zürich
T +41 1 445 18 18
F +41 1 445 18 19

maru@scip.ch
www.scip.ch

- - Pragmatisches Projektmanagement -

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: http://www.scip.ch

iQA/AwUBP8sXXhe5hzJzqVMhEQLYZwCgpFHRj/ilv51PUAEFHWRqbuo+fHkAn24J
z6YgR9JIPl1/Q6lcCfOw4zKr
=RDZw
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Nexus: "Re: New Articles @ SecurityFocus"
• Previous message: wirepair: "Re: Features of a vulnerability scanner"
• Maybe in reply to: Marc Ruef: "Features of a vulnerability scanner"
• Next in thread: Kohlenberg, Toby: "RE: Features of a vulnerability scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT