Slashdot Mirror


Review of 12 Vulnerability Scanners

produke points us to a review of security vulnerability scanners. It's light on detail and not terribly well organized, but might provide a starting point for more research. From the article: "A few months back I did some intense testing of all the best vulnerability scanners out there... I had a couple nix boxes hooked up, as well as some dozers, and figured I could add clients to a 'once-a-week' scanning contract. So naturally, I wanted to use the scanner that was the best for my purpose... Better to use firewalk, hping3 (now with scripting!), nmap, etc., and leave these crutch-like tools alone."

  1. Where do people find this crap? by madsheep · · Score: 2, Interesting

    I am baffled that someone even came across this article let alone posted it to Slashdot. This is probably one of the most juvenile reviews I have ever read. On top of that it's quite obvious it was written by a script kiddie. Who would actually do a [limited] review of security tools and talk about how they "can be tested for free, either through an evaluation or trial, or warez"?? This is by far one of the saddest reviews I have ever seen.

    I pray that no one out there even considers using this person for a "scanning contract". This person is much more likely to do harm than any good. As mentioned, it also seems the person is missing quite a few obvious vulnerability scanners from their top 11 list. Perhaps this is because our reviewer wasn't 31337 enough to get a cracked or evaluation version for these products. Core Impact or Foundstone Foundscan would easily rank above most or all(?) of these on the list. I mean Nikto is #8 on the list. Sure it's a neat tool, but it's simply a limited web application scanner. Our reviewer here does not have a clue.

    Looks like 2007 is not off to a strong start! :(