Vulnerability Assessment and Pen Test

Hello

Is there a Network Vulnerability Assessment tool out there I can use to run on a small network? I need this for a compliance request.

Thanks
FalconTwo Asked:

Chris H, Infrastructure Manager, Commented:
Every network is vulnerable, just depends on how hard you are willing to bang on it.

http://0x27.me/HackBack/0x00.txt

The above helped me find several gaping web configurations and security holes/principles in a number of customers, as well as expand my knowledge on pen testing.  It's also fun to read!
kskr_networks Commented:
Try the tool "Nessus", maybe this helps.
Bryant Schaper Commented:
Can you be more specific? Also, if this is for PCI or SOX compliance, you probably have a requirement for third-party external testing.
Dave Howe, Software and Hardware Engineer, Commented:
You should do both really.

For compliance, you are almost certainly going to need to hire an external auditor and/or professional pentesting - however, it is best to run your own checks internally before you spend money, because if you leave any low hanging fruit, they will fail you on that, and then you will have to pay again for the retest....

Nessus is pretty much the industry standard for vulnerability scanning, and they offer a free 7-day trial - so you may wish to take them up on that, run some initial scans (which will pin down unpatched hosts internally and so forth), patch up to spec, then repeat. As many compliance regimes will require one external test per year, but allow you to self-certify for quarterly vuln scans, it would be advisable to look at buying a single licence for Nessus, and doing monthly scans with it, to reduce the number of easily locatable problems and offer some protection between professional audits.

FalconTwo (Author) Commented:
I am actually getting an outside vendor to perform the PEN test.