Vulnerability Scanners Review

Someone has written up a review of 11 security scanners, specifically:

ISS Internet Security Systems
SSS Shadow Security Scanner
Retina eEye
GFI Languard Network Security Scanner
Qualys www.qualys.com
Nstealth Security Scanner www.nstalker.com
Infiltrator infiltration-systems.com

"I was looking at 3 main areas while evaluating the scanners. 1. Comprehensiveness of the testing: including how many options are allowed for different scanning, IDS evasion, and types of scans. Also in this category is the availability for the latest exploits and a custom exploit option to allow me to plug in custom exploits.

2. Quality of the program: included in this category is availability of updates, speed of various variables, efficiency, "smartness" or "AI" of the program while scanning/reporting, security (does running this version of this vuln scanner leave me vulnerable?), scheduling capabilities, alert and message capabilities, quality of exploits, reactions to "false positives", and overall feature and capabilities.

3. Reporting Capabilities: How easy is it to create a report? The quality and design of the report. The comprehensiveness and personalization of the reports."

Article Link: http://www.askapache.com/2006/security/vulnerability-scanners-review.html

