In my experience in scanning (internal and external), together with some
experience with consultants, I've learned that there are several tools for
several tastes.
nmap is a very all-round tool.
superscan is nice for windows scanners.
iss is a good scanner, with lots of tuning and tweaking for the best of
results.
cyber cop is very strong in reporting (big issue after the dirty job ;) ).
nessus is a very good tool for *nix targets (dns, ftp, SNMP, mail, http)
retina is a nice looking and effective tool (good report also)
there are several good tools for testing cgi's and ecommerce software.
and in the end the securityfocus exploits compiled and tried against
several machines (jolt2 makes windows 150% loaded, for instance...)
The ability of data gathering from both sides, the results from the
scanner and the messages from the target, that's where the gold is.
So, it's a hell of a job.
Hope it helped.
Rafael Teixeira
Zodiac Mars wrote:
>
> We are a large financial institution, we are looking
> for doing a regular external penetration test from the
> internet to the DMZ servers. Could you help in
> recommending/suggestions in the criteria that we
> select the right vendor(s). Also I appreciate if you
> can recommend vendor(s)that you have experience with.
>
> Thanks for your advice.
>
> Zodiac
> Systems Administrator
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
"And you may ask yourself,
Well ... How did I get here?"
- Talking Heads