Hello guys,
I need your help in choosing some security tools. We will improve our security program and I have to propose some vulnerability scanning / penetration testing tools that we will buy.
Our network has around 3000 active IPs, and we have almost 40 IPs in the DMZ.
I have thought about some tools, and I should provide my managers some reasons why I did choose a particular one (for example in category Networks scanners I chose Nessus, and I can justify this on a Forrester research). Here are my categories and my picks:
Network scanning:
1. Nessus (cheaper ~ 3600$ for 3 licenses, very good product, and we already have it)
2. Nexpose (very good but will cost us 40.000$ /year)
3. Qualys
Database vulnerability scanners
1. DB Audit good reviews; 4500$ for 10 servers
2. Appdetective more expensive
3. Pangolin amazing SQL injection tool. It costs 2000$ and maybe I will convince them to buy it together with DB Audit
Web application
1. Burpsuite pro 225$ plus Accunetix 5000$
2. Webinspect 6000$
3. Appscan 15.000$
Penetration testing
1. Core impact 20.000$ plus Metasploit framework
2. Metasploit express 3000$
3. Saint exploit 20.000$ ?
Besides this we will use some open source tools, but we need also good commercial tools (management get excited about support
)
If I miss some categories please tell me.
So, I would like hear your suggestions and opinions.
Thanks!
Programming : Finished Python Course in Codecademy now what?
