So, I've been getting some paid pentesting jobs, and I need to decide between buying a Nessus license or using OpenVAS.  I'd prefer not to spend the extra money, but I don't have any experience with OpenVAS.  Is it just as good as Nessus or should I suck it up and just buy the license?  I primarily do web pentesting, and use Nessus to find configuration issues and software vulnerabilities on a web server before I begin testing the actual site.

Also there are a lot of OpenVAS tutorials out there.  If anyone has some favorites please post the links. 

Thanks.

You know that article is so useful. I've spent the past 30 mins or so looking at the vulnerabilities and researching ones I am not familiar with. I know this is really the point of metasploitable, but its still a great experience. I havent gotten to the nexpose and openVAS reports yet, but im looking forward to seeing the differences.

Why don't you just pass the cost of the license on to your client(s)?

Just in case you're not aware. According to the Nessus license:

"Q. Can I use Nessus at work?

A. You must subscribe to the ProfessionalFeed to use Nessus outside of the home or personal use."

http://www.tenable.com/products/nessus/nessus-faq#anchor11.2

Based on my own personal observations, I've not come across anyone recommending OpenVAS over Nessus (Professional). Everyone seems to use Nessus.

I'd be interested to see which Vulnerabilty scanners are currently used by members here who are testing professionally.

My personal experience is that the paid vulnerability scanners typically provide more timely and accurate signatures. Unless OpenVAS has changed dramatically since I last used it, I think it would be negligent to use it professionally.

Nessus seems to provide a good cost/benefit ratio. I'd probably use something else or add-on the security center if I was using it in-house, but for one-off assessments, I can do without a lot of extra features.

I can't comment on OpenVAS too much, got it running in a lab environment but haven't really used in anger.

Placing technical issues to one side, if you're providing a chargeable service some (rightly or wrongly, a debate for another day) will be more comfortable with a service backed up by a commercial organisation; and I have come across a handful of organisations that specifically disallow open source in their environment.

Given the relative low cost of a single Nessus license (compared to other commercial offerings) I'd suggest this may be the way to go in a commercial setting. The cost of a license can quickly be offset by picking up business from clients that otherwise wouldn't consider you.

I don't rely on vuln scanners too much, but I do like to use them to get a sense of the overall focus of security of a client.  If I run it and come up with 10 major issues, I know I might have to focus first on fixing simple things since it's most likely the case that the admin hasn't really viewed security as a priority.  Kind of like running an antivirus scan, if it comes up with 40 viruses, i know it's going to be a pain to clean, but if it comes up with none that doesn't necessarily mean things are ok.