Looking at options for vulnerability scanners — which ones would be a good fit for a midsize software startup?
IT Strategist in Government, 2 years ago
We use Nessus, but we are a large organization. For a smaller organization on a limited budget, I would recommend using an online scanner tool like Intruder.io or the like. Once you have your product developed/matured, you can invest in a better tool, which will be more suited for your target industry.
Chief Technology Officer in Software, 2 years ago
We use Nuclei as it's open source. https://nuclei.projectdiscovery.io/ Still in nascent stages, but so far good for our use cases.
CIO in Services (non-Government), 2 years ago
We use Tenable as it is number 1 in a lot of categories.
Director of Tech and Cyber Strategy in Finance (non-banking), 2 years ago
We looked at Nessus but went with Qualys (our parent allowed us favorable commercial terms). OWASP has a number of open source tools. My advice is to look at a tool that not only provides the scanner but to also look at integration costs (particularly if you use a CMDB) and determine where the best marginal dollar spent is. In many cases the ease of operationalizing the tool can be more important than the tool. Ultimately cyber security is about redundancy and layering, and IMO what best supports that strategy is more important than how well one tool might perform on its own.
https://owasp.org/www-community/Vulnerability_Scanning_Tools
Vice President & Chief Information Security Officer (CISO) in Software, 2 years ago
Nessus, Qualys, Wazuh, OpenVAS are good options.