From: Richard Zaluski (rzaluski@ivolution.ca)
Date: Sun Mar 19 2006 - 10:54:26 EST
While CORE and Metasploit are great products (iVOLUTION uses both in our
engagements) they are more on the Penetration side. I would look at Retina
Network Security Scanner, ISS as well as SAINT (We also use SAINT)
In our engagements we always employ two automated scanners so that results
can be cross referenced to weed out potential false positives.
Richard Zaluski
CISO, Security and Infrastructure Services
iVOLUTION Technologies Incorporated
905.309.1911 Ext 600
866.601.4678 Ext 600
www.ivolution.ca
rzaluski@ivolution.ca
-----Original Message-----
From: bill.louis@gmail.com [mailto:bill.louis@gmail.com] On Behalf Of Alice
Bryson
Sent: Friday, March 17, 2006 7:02 AM
To: Tblinux
Cc: pen-test@securityfocus.com
Subject: Re: Vuln Scanning software choices
hi
Core Impact and CANVAS are very good pen test tool.
Metasploit is a free version of pen test tool, you could try it.
2005/11/11, Tblinux <TBLinux@covad.net>:
> I know that most if not all of you use or have used Nessus at some
> point. I've been following the thread. Now that it appears that Nessus
> is seriously ratcheting down support for independent consultants and
> corporate / gov't users without a registered and paid for license what
> scanning software are you considering? Has anyone done a *complete*
> comparison of all of the scanning software out there and made a choice
> based on the findings? If so what was it?
>
> I work for a fairly large company and the contract negotiations with
> Tenable are going poorly and the company I work for is looking at the
> options.
>
> Any input would be greatly appreciated!!!!
>
>
----------------------------------------------------------------------------
-- > Audit your website security with Acunetix Web Vulnerability Scanner: > > Hackers are concentrating their efforts on attacking applications on your > website. Up to 75% of cyber attacks are launched on shopping carts, forms, > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are > futile against web application hacking. Check your website for vulnerabilities > to SQL injection, Cross site scripting and other web attacks before hackers do! > Download Trial at: > > http://www.securityfocus.com/sponsor/pen-test_050831 > ---------------------------------------------------------------------------- --- > > -- Homepage:http://www.lwang.org We collect spam for research at: mailto:abryson@bytefocus.com ---------------------------------------------------------------------------- -- This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com ---------------------------------------------------------------------------- -- ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com ------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:42 EDT