Hello community,
I am doing an assignment for the company where I am currently doing my internship.
The company is looking for a software solution that can be used in their customers' networks to discover vulnerabilities. They would like to get reports which can be used to give their customers advice.
They would also like to use the software to scan websites for vulnerabilities.
I have done some research and found programs like Nessus, Qualys and OpenVAS.
Do you guys have some advice for me?
Thanks
tobywells
(toby wells)
Qualys is excellent, but like all products in this category you need to know how to use it. Qualys runs some excellent courses and certifications for their stuff.
Thanks for your quick reaction.
Qualys is offering some different subscription packages. Can you recommend a solution for my situation?
maxsec
(maxsec)
AlienVault does a free version which will show vulns per machine (patching out of date, etc.).
If you're looking at website vulns, be careful: you need to be looking deeper than the vuln scanners do.
bwells
(Brant Wells)
Alienvault and OpenVAS are two of my favorites for this type of work!
Thanks for the mention, Brant! Let me, Javvad, or Kate know if we can assist with any questions!!
@kate-att-cybersecurity @javvad-att-cybersecurity
Sounds like you are on the right track. Do you have more solid requirements on what the scanner should do? In particular, you mentioned being able to scan websites: you can use one of the vulnerability scanners you mentioned to scan a website and get some pretty good information, but you can also look at either different modules or different types of scanners to do an application scan. The app scan would show you things like SQL injection; we use IBM AppScan at work for that.
As far as which subscription model, that comes down to two main things. The first is typically how many internal and how many external IPs you need to scan. The second is to carefully go over the licensing and make sure you are allowed to use the scanner on your customers' networks and, if so, how you can use it while staying within the licensing agreement.
Thanks for your replies.
The company that I am working for would like to offer a monthly security scan to their customers. These are mostly companies with 1-50 employees. They would like to scan the customers' networks. Besides that, they would like to scan the web applications that are developed. I did some research and found the OWASP Top 10 vulnerabilities online.
The scan must be capable of:
- Scanning the network for vulnerabilities (workstations, servers)
- Scanning for website vulnerabilities (SQL injection, XSS, etc.)
maxsec
(maxsec)
For the web apps I'd recommend something like Netsparker.
BUT, and it's a big BUT, this is only the start of the journey; you'll still need regular human-driven pen-tests to get past the simple top-10 type environments.
For the internal scans I'd recommend looking at Tenable's Nessus and their remote cloud-based Nessus scans.
There's even free training now for the Tenable set online.
Hi Maurice, and welcome to the community!
For the network vulnerability scanning, I would also throw AccelOps into the mix. Our SIEM software provides quick insight into the current health of your network devices, servers, and applications. You can drill down and obtain the details for each health metric to proactively manage issues and respond to problems or threats before they become critical. If you’re interested in checking us out, here is the link to our website: SIEM Security Information and Event Management - AccelOps
Although we do not offer software level inspection for website scanning, the community has made some great recommendations and it looks like you’re on the right track.
Feel free to reach out with any questions you have.
Best of luck!
Maurice, you should also look into Bitglass' Breach Discovery tool. Using proprietary threat intelligence and big data technologies, it analyzes your firewall logs to identify suspect traffic in outbound data flows. Traffic leaving your network for suspect destinations is automatically subject to deep inspection and assigned risk scores. It's also available as a monthly subscription service. You just upload your firewall log files to get analytics and reports on data breach risk in your (or your customer's) organization. You can check it out here; let me know if I can assist further!