sunhux
asked on
Tools to do periodic security scans
Can anyone suggest security scan tools (under US$3500 each) that does:
a) password cracking (we would like to scan for weak passwords used in our
servers & network devices (most logins are using https & ssh & a few http)
b) using default passwords (recently we found quite a considerable number
of printers, scanners, voice recorders, etc on the network that uses default
factory passwords)
c) those that still use SSL and older versions of TLS
d) tools that could uncover weak coding that give rise to Cross-site scripting,
(improper input validation), SQL injection, IIS Repeated Parameters &
common coding weaknesses
e) outdated patches (without the need to login to the servers)
a) password cracking (we would like to scan for weak passwords used in our
servers & network devices (most logins are using https & ssh & a few http)
b) using default passwords (recently we found quite a considerable number
of printers, scanners, voice recorders, etc on the network that uses default
factory passwords)
c) those that still use SSL and older versions of TLS
d) tools that could uncover weak coding that give rise to Cross-site scripting,
(improper input validation), SQL injection, IIS Repeated Parameters &
common coding weaknesses
e) outdated patches (without the need to login to the servers)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.