Thanks for your inputs.
To answer your queries,
I am looking for information on the commercial VA & Pentest tools.
Why? What's the problem that you are trying to solve?
No specific problem but the need is a comprehensive tool that can test
network devices also in addition to OS and Web apps.
2) Commercially usable (we plan to offer this as a service also)
If by this you mean, "anything but open-source or free software", then
you have already failed.
Since we are offering this commercially as a service there are certain
customers who object using Open source/Free tools.
Thanks
Ramki
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Andre Gironda
Sent: Tuesday, February 26, 2008 5:36 AM
To: pen-test@securityfocus.com
Subject: Re: Pentesting tool - Commercial
On 21 Feb 2008 08:56:46 -0000, <bramkie@gmail.com> wrote:
I am looking for information on the commercial VA & Pentest tools.
Why? What's the problem that you are trying to solve?
Though iam aware of Nessus, Core Impact, Canvas, Backtrack, etc. I need
some inputs on other tool that can be used VA and Pentest.
1) Capability to address network elements (such as Routers, Switches,
Firewall, IPS/IDS)
You'd be well off with looking into hardened configurations and
architectures for these devices. I suggest checking out the Nipper
tool, the CIS benchmarking tools, and the NSA SNAC, NIST, or IIA
hardening guides. Your vendor may also have suggestions (e.g. Cisco
SRND's), but these are often used to sell additional
equipment/software/support. I suggest leaving the penetration-testing
to be confined to the lab.
2) Commercially usable (we plan to offer this as a service also)
If by this you mean, "anything but open-source or free software", then
you have already failed.
3) Reporting capabilities
Yes, go buy Core Impact and Qualys if this is your first priority.
CANVAS, Metasploit, neXpose, and PVS have "harder to cobble together"
reports, and the result is usually less pretty pictures. I read
somewhere that XML is better than CSV, and that by using XML parsing,
it's possible to accomplish anything including SVG's, accurate plots,
and beautifully presented data in any fashion you want. I think this
might require a programmer.
Cheers,
Andre
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
