Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
robertc
Newcomer I
‎10-10-2017 09:33 AM
‎10-10-2017 09:33 AM

internal scanning tools

Wondering what tools folks use for routine internal scanning for vulnerabilities and what's most recommended.  There seems to be a plethora of solutions available just now so which is the best/most effective/cheapest?

 

I have Trend Micro Deep Security Manager which is pretty good at what it does but I'm looking to supplement it with something like Nessus.  It's part of a drive to incrase our internal capabilities rather than having to rely on independent scrutiny all of the time.

 

We do a fair bit of development and I'd like to do some internal testing on apps before they go into production (they will always be tested independently before going live but I'm trying to reduce the re-testing).

 

Any advice would be most welcome

Reply
15 Replies
JoshuaGabriel
Newcomer III
‎12-17-2017 10:16 AM
‎12-17-2017 10:16 AM

I went to the Alienvault but it seems there is only a free trial. Please let me know which of the products you mentioned is totally free

Reply
0 Kudos
JoshuaGabriel
Newcomer III
‎12-17-2017 10:18 AM
‎12-17-2017 10:18 AM

Openvas has been replaced by the community edition of GSM, Greenbone Security Manager. I have tried that and it is very limited in terms of plugins.

Reply
DALX
Newcomer II
‎12-17-2017 11:34 AM
‎12-17-2017 11:34 AM

@JoshuaGabriel wrote:

I went to the Alienvault but it seems there is only a free trial. Please let me know which of the products you mentioned is totally free

OSSIM is the free (limited) version

Use this link: https://dlcdn.alienvault.com/AlienVault_OSSIM_64bits.iso

Reply
0 Kudos
JoshuaGabriel
Newcomer III
‎12-17-2017 11:52 AM
‎12-17-2017 11:52 AM

Thank you DALX.

 

Already downloaded.Smiley Happy

Reply
0 Kudos
jordanpw
Newcomer III
‎12-17-2017 02:06 PM
‎12-17-2017 02:06 PM

Nessus and Nmap are great as many people have mentioned. Nexpose from Rapid 7 is also good. If you're looking at MetaSploit and at going beyond just scanning and checking on whether vulnerabilities can be exploited, then you might also want to look at the (free) Penetration Testers Framework (PTF) from the wonderful folks at TrustedSec. 

Reply
0 Kudos
eric-nieuwland
Newcomer II
‎12-18-2017 01:17 PM
‎12-18-2017 01:17 PM

On the software development side have the development teams routinely run

  • OWASP Dependency Check
  • OWASP Zed Attack Proxy (ZAP)

Cross-check with SonarQube's security warnings.

Reply
0 Kudos