From: Byron Sonne (blsonne@rogers.com)
Date: Fri Feb 10 2006 - 21:05:22 EST
Greetings,
> Qualys was
> one of a small handful of vendors who gave us direct access to
> their developers (Qualys, eEye, NGS come to mind) and the only
> vendor that actually provided us source code for exploit tests
> so that we could manually verify on our end what was being
> performed by the checks.
Cool, cool... I always wondered how other vendors handled that kind of
thing. We display the actual rule used in all the reports (I wouldn't
trust anything that I couldn't see under the hood of) and always have, I
think. Added bonus is customers can also use them as templates for
writing their own custom rules... cool like NASL, but more nCirclish ;)
</plug>
On another note, I was thinking... is this the right list for vm type
talk? I don't think there's another specific vm SecurityFocus list. I'm
not suggesting starting a new one if people are happy with keeping it in
pen-test... any opinions?
Cheers,
B
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:30 EDT