RE: Features of a vulnerability scanner

From: Blake Wiedman [Icons] (bwiedman_at_iconsinc.com)
Date: 12/01/03

  • Next message: wirepair: "Re: Features of a vulnerability scanner"
    To: "'Marc Ruef'" <maru@scip.ch>, <pen-test@securityfocus.com>
    Date: Mon, 1 Dec 2003 14:20:53 -0500
    
    

    My major gripe is reporting, I would love a product that gives me full
    extensibility in regards to the output of the report (in MSWord Format)
    .

    I would like to also see the possibility of out put being grouped by
    vulnerability not by machine.

    Example:
    Level: Low
    The following machines have remote RPC enabled:
    192.168.1.1
    192.168.1.2
    192.168.1.3

    By machine is good for small scans but becomes cumbersome for large
    scans of hosts >=50.

    Blake Wiedman
    Icons Inc.
    Security Technician
    (732) 821-9100 x103

    -----Original Message-----
    From: Marc Ruef [mailto:maru@scip.ch]
    Sent: Monday, December 01, 2003 5:27 AM
    To: pen-test@securityfocus.com
    Cc: sectools@securityfocus.com
    Subject: Features of a vulnerability scanner

     
    WARNING: Unsanitized content follows.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Dear List

    I would like to ask you pen-testers two generic questions about
    vulnerability scanners:

    1. Which features for you are very important or is the most important in
    a vulnerability scanner software?
    2. Which features are you missing in the existing vulnerability scanner
    products?

    A vulnerability scanner in this context is a tool that looks automaticly
    for potential security holes. There are for example Nessus, ISS Internet
    Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante, Dante
    Security Scanner, ... Port scanner and enumeration utilities like nmap,
    N-Stealth, Whisker or Nikto are here not counted to vulnerability
    scanners.

    Yours,

    Marc Ruef

    - --
    ) scip AG (
    Technoparkstr. 1
    8005 Zürich
    T +41 1 445 18 18
    F +41 1 445 18 19

    maru@scip.ch
    www.scip.ch

    - - Pragmatisches Projektmanagement -

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0
    Comment: http://www.scip.ch

    iQA/AwUBP8sXXhe5hzJzqVMhEQLYZwCgpFHRj/ilv51PUAEFHWRqbuo+fHkAn24J
    z6YgR9JIPl1/Q6lcCfOw4zKr
    =RDZw
    -----END PGP SIGNATURE-----

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ----
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: wirepair: "Re: Features of a vulnerability scanner"

    Relevant Pages

    • RE: Features of a vulnerability scanner
      ... because the banner clearly shows a non-vulnerable ... One of the most important feature in a vulnerability scanner is it's ... Which features for you are very important or is the most important ... > for potential security holes. ...
      (Pen-Test)
    • RE: Features of a vulnerability scanner
      ... AEPOS Technologies Corporation ... Which features for you are very important or is the most important in a vulnerability scanner software? ... Which features are you missing in the existing vulnerability scanner products? ...
      (Pen-Test)
    • RES: Nt Vulnerability scanner
      ... Subject: RES: Nt Vulnerability scanner ... Security Analist ... install agents or run them remotely. ... very easy to write your own to meet the security configuration of your ...
      (Security-Basics)
    • Re: Features of a vulnerability scanner
      ... One of the most important feature in a vulnerability scanner is it's ... That's one of the primary thing that, I think, is missing. ... Which features are you missing in the ... > for potential security holes. ...
      (Pen-Test)
    • Features of a vulnerability scanner
      ... I would like to ask you pen-testers two generic questions about vulnerability scanners: ... Which features for you are very important or is the most important in a vulnerability scanner software? ...
      (Pen-Test)