Vulnerability Assesment

[impelse]

This question is for you guys that do vulnerability assessment.

What vulnerability tool do you normally use? OpenVass, Saint, Nessus or Rapid7? Do you scan only servers/switches/firewall/routers, etc or the whole networking including workstations?

I am talking a general vulnerability assessment, not compliant.

[MaXe]

I use a mix  (Of Nessus and Metasploit) Sometimes I scan everything (small subnets), sometimes I break things up and scan smaller segments at a time in +100 device networks. (I've often been under an extremely tight time-limit, meaning 1-3 hours max.)

[impelse]

Last night and today I use OpenVas in a real environment, my supervisor begin to ask the vulnerability assessment for one of our client.

I am glad he asked something like that so I can experiment more, I am taking PWB training but I was worry come on: I will need to get more real experience!!!!. I know vulnerability assessment is not a pentest but I will get it someday very soon.

Tonight I will try Nessus and see what fit better for the company.

[BillV]

A mix... Nessus, Qualys, Nexpose. Scans are conducted on whatever is in scope.

[cd1zz]

Nexpose. It's not perfect, but none of them are. There are many times that the scanner reports nothing "critical" but full compromise happens shortly there after. I hate VA's... I wish compliance programs realized that.

[sil]

I suggest you read a paper I wrote which expounds on these topics

http://infosecisland.com/documentview/12932-Defending-the-Castle-by-Actively-Abusing-It.html