Hey guys,

I need to start running quarterly internal vulnerability scanning. Any suggestions on a tool that is easy to use, and either low cost or open source for a non-profit?

Thanks.

7 Spice ups

Alienvault’s OSSIM is a good place to start. Can be upgraded to the full commercial offering as well

5 Spice ups

You can also run OpenVAS - it’s free.

2 Spice ups

You can look into firing up a basic Ubuntu VM with OpenVAS on it.
(But it's pretty heavy stuff for people without a Linux background.)

Other than that, we use Nessus Cloud scanning.
It's paid for, but very cheap for the ability to have a scheduled and externally hosted Vulnerability Scan.

EDIT updated from “externally hosted pen-Test” to “externally hosted Vulnerability Scan”

2 Spice ups

Nessus can also be hosted internally and configured to run against the internal network.

3 Spice ups

Vuln scan != Pen test :wink:

5 Spice ups

Thanks for the kind mention, Martin!

1 Spice up

Thanks for the mention, Mike!

Hi Nick! We do offer a free trial of @Tenable Network Security's Nessus vulnerability scanner, which you can find here. If you have any questions or need clarification on anything, feel free to reach out to me or Tony. =]

@tony-tenable-network-security

Another vote for OpenVAS here. We use it and I really like it. I currently have all of my servers scheduled to be scanned once a week (during off hours, about 5 or 6 at a time). It's pretty memory intensive, which is the only drawback I see right now when scanning multiple servers at once.

Hi Nick, over at IT Central Station we have peer-to-peer reviews of several popular application security solutions that you may find helpful. For example, an Information Security Advisor who uses HPE Fortify on Demand commented that he finds it valuable that the solution "correlated static and dynamic results with detailed priority guidance and provided central testing program management for all applications." This reviewer also points out that there is a free version of the tool that you can try out. (If you would like to read the rest of his review, you can find it here.) I hope this helps.