Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] External network scanning service

On Fri, Mar 27, 2015 at 04:28:35PM -0400, Tom Metro wrote:
> Matt Shields wrote:
> > I'm
> > looking for a SAAS that I can add my subnets and they will scan them daily
> > and check for open ports and known vulnerabilities, etc and send us a
> > report.
> I asked a similar question back in June:
> Although my expectation was that a SaaS solution wouldn't do the job as
> some exploits need to be performed on the same network segment, although
> so few potential attackers would have that access, a SaaS approach is
> probably good enough.
> The answer I got back was, "Isn't that what Metasploit is for?"
> So why the lack of SaaS offerings? Is it due to technical reasons or
> because of fear of liability? (A search did turn up
>; I can't find pricing on their site.)
> It sure seems like there ought to be a market for this.

Veracode offers this, calling it automated web application
perimeter testing. They want about $2K/year, for which you get
more or less unlimited usage.

Tenable offers Nessus Cloud, which is the Nessus scanner, plus
their secret sauce, as a web service. That's also around

Nessus was forked before Tenable closed it, and the resulting
project is called OpenVAS. I don't know how many groups will run
it against you for some amount of money.

In general, the term you want to google for is "vulnerability


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /