Penetration Testing mailing list archives
RE: VA support efforts (was Qualys)
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Mon, 13 Feb 2006 13:27:40 -0600
-----Original Message----- From: Byron Sonne [mailto:blsonne () rogers com] Cool, cool... I always wondered how other vendors handled that kind of thing.
Many vendors will put you in touch with one of their developers, but the developers never return your call. Qualys, when I worked with them, was excellent about *communication*. Others that deserve props in this department are Core, NGS, and SPI. Come to think, one of our favorite Qualys support engineers jumped to nCircle.
We display the actual rule used in all the reports (I wouldn't
All scanners should do this. When you crash a server you should be able to figure out why by reading the test, without support email, phonecalls, and an unproductive circle of attempting to reproduce test cases.
cool like NASL, but more nCirclish ;)
nCircle started as a Nessus-scan shop, so that makes sense.
is this the right list for vm type talk?
VA and pen go together. There is also increasing blur between this list and the various webappsec, vuln dev, and secure coding lists. If you mean asset management or whatever new [aggregate]-management phrase the VA vendors are going to start calling themselves, I am unsure of list needs. Does this blur with the [asset|vuln|attack] -management discussions on the IDS lists too? Apology this has gone way off topic. I was disappointed to see a vendor who has worked hard to support our team in the past get denigrated by what may be an unrepresentative or inaccurate anecdote. Vendors trying hard to keep their technology caught up with their marketing deserve positive reinforcement IMO, as not all vendors subscribe to that page of the fair play journal. -ae ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: VA support efforts (was Qualys) Evans, Arian (Feb 13)