Security Scanners Comparison Test Results
We asked users for their opinions on the advantages and disadvantages of security scanners. You can find out whether the prices are adequate to the quality and what the main problems were that users experienced, and finally you will see the ratings.
Scanners tested in this study are:
Should've compared Qualys too
It would have been an interesting mix if they compared Qualys scanner too. With all the PCI mumbo-jumbo, I have heard good reviews of Qualys and its easy-to-use interface.
From their website -- Qualys
Qualys offers a full range of on demand solutions to help security managers effectively strengthen the security of their networks, conduct automated security audits and ensure compliance with internal policies and external regulations.
...snip...
Qualys' cost effective on demand technology requires no capital outlay, infrastructure or maintenance and can be deployed in a matter of hours anywhere in the world.
On the second look...
Why do they have Network Scanners, Web Vulnerability Scanners, General Vulnerability Scanners all compared in one article?
It's like asking viewers which one is best: Nessus, Metasploit or NMAP?
... and you would be thinking... huh! wtf
Acunetix is not a Network Scanner
Acunetix Web Vulnerability Scanner (WVS) is distinct from and complementary to network security scanners.
The Acunetix WVS has been built to avoid such situations as the following recent examples and checks for vulnerabilities in the web application.
Website Defacement: http://www.acunetix.com/news/microsoft_france.htm
Cross Site Scripting: http://www.acunetix.com/news/paypal.htm
Google Hacking: http://www.internetnews.com/xSP/print.php/3615441
Whereas network security scanners analyze the security of assets on the network for possible vulnerabilities, WVS scans and analyses the actual coding of websites and web applications (e.g., shopping carts, forms, login pages, dynamic content). Acunetix WVS is a black-box testing tool.
Network security defense provides no protection against web application attacks since these are launched on port 80 (default for websites) which has to remain open to allow regular operation of the business. In addition, web applications are more open to uncovered vulnerabilities since these are generally custom-built and, therefore, pass through a lesser degree of testing than off-the-shelf software.
WVS first crawls the entire website, analyzing in-depth each file it finds, and displaying the entire website structure. After this discovery stage, it performs an automatic audit for known security vulnerabilities by launching a series of hacking attacks, in effect emulating a hacker.
For more information, please visit http://www.acunetix.com/websitesecurity/blackbox-scanners.htm