RE: VA support efforts (was Qualys)

From: Evans, Arian (Arian.Evans@fishnetsecurity.com)
Date: Mon Feb 13 2006 - 14:27:40 EST


> -----Original Message-----
> From: Byron Sonne [mailto:blsonne@rogers.com]
>
> Cool, cool... I always wondered how other vendors handled
> that kind of thing.

Many vendors will put you in touch with one of their developers,
but the developers never return your call. Qualys, when I worked
with them, was excellent about *communication*. Others that deserve
props in this department are Core, NGS, and SPI. Come to think,
one of our favorite Qualys support engineers jumped to nCircle.

> We display the actual rule used in all the reports (I wouldn't

All scanners should do this. When you crash a server you should
be able to figure out why by reading the test, without support
email, phone calls, and an unproductive circle of attempting to
reproduce test cases.

> cool like NASL, but more nCirclish ;)

nCircle started as a Nessus-scan shop, so that makes sense.

> is this the right list for vm type talk?

VA and pen go together. There is also increasing blur between this
list and the various webappsec, vuln dev, and secure coding lists.

If you mean asset management or whatever new [aggregate]-management
phrase the VA vendors are going to start calling themselves, I am
unsure of list needs. Does this blur with the
[asset|vuln|attack]-management discussions on the IDS lists too?

Apologies, this has gone way off topic.

I was disappointed to see a vendor who has worked hard to support
our team in the past get denigrated by what may be an unrepresentative
or inaccurate anecdote. Vendors trying hard to keep their technology
caught up with their marketing deserve positive reinforcement IMO,
as not all vendors subscribe to that page of the fair play journal.

-ae



