We’ve been working on an interesting project lately, which has allowed us to research some of the more popular network-based security scanning tools on the market.  One of the things we’ve encountered during our research is a proliferation of lists of security tools.  Turns out that’s exactly what we were looking for!

I feel compelled to provide my own lists.  These do not reflect the opinion of any of my clients. 

The 2006 List of The Best Security Tools Lists

1. Fyodor’s – unlike the other lists, this one appears to be based on feedback from a decent sampling of people who should know what they’re talking about.  On the other hand, it’s skewed toward open-source, gray-hat stuff.  Still, it gives the low-down on 100 different tools, which is cool.
2. Darknet – well commented, although only discusses 15 tools.
3. dmoz – just an alphabetical list:  boring. 
4. My own list, which follows …

Before I provide my own Best Security Tools list, some additional comments: 

• The following list reflects a considered compromise between the marketing prowess of the entities represented, correlated with a gut check on whether the average Fortune 1000 IT guy would be interested.  This, in turn, is balanced against perceived quality, which is partially based on the lists above. 
• I’m only considering network-based vulnerability scanners.

The 2006 List of The Best Network-Based Vulnerability Scanning Tools

1. Tenable/Nessus
2. Metasploit
3. Canvas
4. Core Impact
5. ISS
6. Watchfire
7. eEye
8. Qualys

No Comments »