On 12/13/2010 6:17 PM, Robin Wood wrote:
> I was wondering if anyone used both OpenVAS and Nessus while on tests
> and if so how do you find the results, do they tend to match, does one
> have more false positives/negatives than the other?
>
> I'm thinking for tests where stealth isn't an issue it might be nice
> to run both scanners but if they both detect the same issues then it
> isn't worth the effort.
>

When testing vulnerability scanners, it's important to realize there are very different segments of code that go into a scanner. Although OpenVAS is based on Nessus2, there have been many major changes in Nessus over the past few years you should consider.

For un-credentialed checks (scanning without admin rights) you should consider how fast the scan runs, the number of ports/hosts scanned and the overall false positive/negative rate.

For credentialed checks speed is also something you should consider. False positives are less of an issue with credential checks, but false negatives are a big issue. Lots of other scanners besides Nessus miss 3rd party apps like Java, Trend, iTunes, etc. and only focus on patches related to the OS. Doing things like running netstat during a port-scan dramatically changes the speed of the scan as well.

In general if you watch the amount of memory used by your scanner while it is scanning, you can get a sense of how well it will scan when testing 100s of hosts, 1000s of hosts, etc.

If you are doing PCI, FDCC, CIS or other types of audits, Tenable added config auditing to Nessus so you can report on these types of standards.

If folks have test results of Nessus and other scanners, I am always interested in how things performed.

--
Ron Gula, CEO Tenable Network Security
http://www.tenable.com
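
One way to put numbers on the "do the results match" question and on the OS-versus-third-party coverage point raised in the reply, as an added example that is not part of either message. The record layout, the `category` label and the scanner names A and B are assumptions, and the findings are constructed placeholders rather than real scan output.

```python
from collections import defaultdict

# Constructed sample findings, not real scan output. Each record is
# (host, port, CVE id, category); "category" is an assumed analyst label
# separating OS patches ("os") from third-party applications.
SCANNER_A = [
    ("10.0.0.5", 445, "CVE-0000-0001", "os"),
    ("10.0.0.5", 0,   "CVE-0000-0002", "third_party"),
    ("10.0.0.7", 80,  "cve-0000-0003", "os"),
    ("10.0.0.7", 0,   "CVE-0000-0004", "third_party"),
]
SCANNER_B = [
    ("10.0.0.5", "445", "CVE-0000-0001", "os"),
    ("10.0.0.7", 80,    "CVE-0000-0003", "os"),
    ("10.0.0.7", 8080,  "CVE-0000-0005", "os"),
]


def normalize(record):
    """Make records from different exports comparable (case, port type)."""
    host, port, cve, category = record
    return (host.strip().lower(), int(port), cve.strip().upper(), category)


def compare(a, b):
    """Return per-category overlap between two scanners' findings."""
    sets_a, sets_b = defaultdict(set), defaultdict(set)
    for rec in map(normalize, a):
        sets_a[rec[3]].add(rec[:3])
    for rec in map(normalize, b):
        sets_b[rec[3]].add(rec[:3])
    report = {}
    for cat in sorted(set(sets_a) | set(sets_b)):
        fa, fb = sets_a[cat], sets_b[cat]
        union = fa | fb
        report[cat] = {
            "both": sorted(fa & fb),
            # Findings only one scanner reports need manual verification:
            # a false positive in one tool or a false negative in the other.
            "only_a": sorted(fa - fb),
            "only_b": sorted(fb - fa),
            "agreement": len(fa & fb) / len(union) if union else 1.0,
        }
    return report


if __name__ == "__main__":
    for cat, r in compare(SCANNER_A, SCANNER_B).items():
        print(f"{cat}: agreement={r['agreement']:.2f} "
              f"only_a={len(r['only_a'])} only_b={len(r['only_b'])}")
```

High agreement in a category suggests the second scan adds little there; a category where one tool reports findings the other never does is where running both pays off.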
