On 21 Feb 2008 08:56:46 -0000, <bramkie@gmail.com> wrote:
I am looking for information on the commercial VA & Pentest tools.
Why? What's the problem that you are trying to solve?
Though iam aware of Nessus, Core Impact, Canvas, Backtrack, etc. I need some
inputs on other tool that can be used VA and Pentest.
1) Capability to address network elements (such as Routers, Switches,
Firewall, IPS/IDS)
You'd be well off with looking into hardened configurations and
architectures for these devices. I suggest checking out the Nipper
tool, the CIS benchmarking tools, and the NSA SNAC, NIST, or IIA
hardening guides. Your vendor may also have suggestions (e.g. Cisco
SRND's), but these are often used to sell additional
equipment/software/support. I suggest leaving the penetration-testing
to be confined to the lab.
2) Commercially usable (we plan to offer this as a service also)
If by this you mean, "anything but open-source or free software", then
you have already failed.
3) Reporting capabilities
Yes, go buy Core Impact and Qualys if this is your first priority.
CANVAS, Metasploit, neXpose, and PVS have "harder to cobble together"
reports, and the result is usually less pretty pictures. I read
somewhere that XML is better than CSV, and that by using XML parsing,
it's possible to accomplish anything including SVG's, accurate plots,
and beautifully presented data in any fashion you want. I think this
might require a programmer.
Cheers,
Andre
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
