RE: Pentesting tool - Commercial

We have a large deployment of NeXpose and have been pleased with the
overall effectiveness of our penetration testing and vulnerability
assessment programs. We run a variety of configured scans and have them
scheduled to automatically kick off each hour, day and night. One of
the major contributors to the success of this program has been the
remote administration capabilities of the product that includes
detailed remediation documentation on each vulnerability. According to
your "major factors considered", NeXpose would cover those requirements
and much more.

Regards,
Joe Ferris


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Andre Gironda
Sent: Tuesday, February 26, 2008 2:46 PM
To: pen-test
Subject: Re: Pentesting tool - Commercial

On Tue, Feb 26, 2008 at 1:39 AM, Ramki B <bramkie@xxxxxxxxx> wrote:
Core Impact is the best fit for my requirement followed by ISS. And
for VA
Nessus is the best choice.

ISS and Nesss are redundant. Most people prefer neXpose or Qualys to
Nessus, and some even prefer Foundscan to Nessus (for reporting,
although I don't know why personally). There were some recent
[pulled] evaluations and neXpose came out way ahead, although like
I've mentioned on other lists, the best-of-breed would be to combine
Rapid7 neXpose with Tenable PVS.

Core Impact is fine, but what about the other 400 exploits packaged
with CANVAS, Gleg/Argeniss, and Metasploit? I haven't even included
the CANVAS sharing alliance or D2 pack statistics, which I don't
really have readily available. Core Impact barely has 200 exploits
all by itself.

Cheers,
Andre



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------