I recall a rather persuasive argument long ago about penetration testing that the owner of the network is too close to the problem, and is at risk of overlooking potential issues that they hadn't already thought of. Hiring an outside consultant who isn't already familiar with your network was argued to be much more effective.
Apparently it also tends to be more reassuring for bosses, who often value the opinions of an outside consultant more than they do those of their own employees. On Tue, Jun 10, 2014 at 4:44 PM, Drew Van Zandt <[email protected]> wrote: > http://en.wikipedia.org/wiki/SAINT_(software) > > Derived from SATAN. > > Also handy: > http://www.openvas.org/ > > > > *Drew Van Zandt Cam # US2010035593 (M:Agapito Acosta) * > > > On Tue, Jun 10, 2014 at 4:38 PM, Chris Wallace <[email protected]> wrote: > > > Well, since I work for "a consulting company" that seems very attractive > ;) > > > > You could try OWASP ZAP, but again that's a little raw. > > > > > > On Tue, Jun 10, 2014 at 4:26 PM, [email protected] < > > [email protected]> wrote: > > > > > We need to run security / vulnerability scans against our web server > and > > > business application (on the same server), I'm looking for suggestion, > > pro > > > and con on scanning tools and any concerns (legal?) around using them. > > The > > > tools don't need to be free but should cost less than $1000. > > > > > > I'm open to learning to use the tools, I've tried Metasploit, NeXpose > and > > > Nmap but I'm not sure I have the time and the output data provided > seems > > a > > > bit raw. > > > > > > I'm also looking at Acunetix, they have a cloud based vulnerability > > > scanner, you get three scans for $810. > > > > > > Any help or suggestions other than "hire a consulting company" would be > > > appreciated we just don't have the budget to do that right now. > > > > > > Thanks, > > > Scott > > > _______________________________________________ > > > Discuss mailing list > > > [email protected] > > > http://lists.blu.org/mailman/listinfo/discuss > > > > > > > > > > > -- > > *Chris Wallace* > > The Ohio State University | Computer Science and Engineering 2015 > > _______________________________________________ > > Discuss mailing list > > [email protected] > > http://lists.blu.org/mailman/listinfo/discuss > > > _______________________________________________ > Discuss mailing list > [email protected] > http://lists.blu.org/mailman/listinfo/discuss > -- John Abreau / Executive Director, Boston Linux & Unix Email: [email protected] / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
