
Vulnerability Scanners Review

Someone has written up a review of 11 security scanners, specifically:

ISS Internet Security Systems
SSS Shadow Security Scanner
Retina eEye
Nessus
GFI Languard Network Security Scanner
Qualys http://www.qualys.com
Nstealth Security Scanner http://www.nstalker.com
Nikto
Whisker
Infiltrator infiltration-systems.com
Nscan

"I was looking at 3 main areas while evaluating the scanners.
1. Comprehensiveness of the testing: including how many options are
allowed for different scanning, IDS evasion, and types of scans. Also
in this category is the availability for the latest exploits and a
custom exploit option to allow me to plug in custom exploits.

2. Quality of the program: included in this category is
availability of updates, speed of various variables, efficiency,
“smartness” or “AI” of the program while scanning/reporting, security
(does running this version of this vuln scanner leave me vulnerable?),
scheduling capabilities, alert and message capabilities, quality of
exploits, reactions to “false positives”, and overall features and capabilities.

3. Reporting Capabilities: How easy is it to create a report? The
quality and design of the report. The comprehensiveness and
personalization of the reports."

Article Link: http://www.askapache.com/2006/security/vulnerability-scanners-review.html