Saint5

Category:
Vulnerability Scanners
Website: http://www.saintcorporation.com/about_SAINT.html
Manufacturer: SAINT
Operating System: Unix/Linux

Description:
SAINT 5 is a non-intrusive network and system scanner. It doesn't require an agent on the client to complete its scan. SAINT is option-rich but also complex and difficult to understand at first, requiring more expertise and knowledge than some of its competitors. It does, however, offer a more complete reporting solution than any other product on the market, with more control over the reports and more detail and helpful references than any competitor. The vulnerability section describes each problem found, how to fix it, and where to go for more information. The reports also include trend analysis to show you what has changed since the last scan. The scanning is smart in that it first learns about the targeted system (services running, ports open, etc.) and then runs checks based specifically on the information gained. Once a vulnerability is found, SAINT references CERT, CVE, and IAVA documents to give more background on the problem.

Strengths:
   · Most useful reporting of any vulnerability scanner
   · Comprehensive vulnerability database and smart scanning
   · Automatically updated each time a scan is run
   · Pre-made scan for SANS top 20 vulnerabilities
   · Easy to schedule scans for the future; doesn't require SAINT to be running for the scan to start

Weaknesses:
   · Unix/Linux only
   · Reactive scanning only, can't find new bugs (anti-virus model)
   · Web-based UI not as easy to use as competition

Target:
any public UNIX or Linux machine

Mitigation/Recommendation:
patched, updated server

Price:
$1835 for 50 IP address scans

Penetration (8):
High

Simplicity (4):
Moderate. Requires moderate skill to use for information gathering; scanning is complex, but once understood it is automated and returns a set of attack vectors a hacker could use on each IP address scanned. It takes moderate skill to turn a scanned vulnerability into a real exploit, though each vulnerability contains references for more information that could be used to formulate an attack. Script kiddies would have to spend time searching for an already built exploit. A real hacker should be able to build an exploit just with the information given. False positives will slow down the process but don't mitigate the fact that many real vulnerabilities will be in the scan report.

Damage Potential (1):
Minimal. This is an ideal information gathering and attack planning tool. As the tool will report a huge variety of known vulnerabilities and vulnerability types, the damage potential is high. The scanner will paint big bulls-eyes on any weakness left open on any accessible machine. The CHAM feature gives this tool added punch, upping the likelihood that a previously unknown bug will be discovered in the protocol layer. CHAM is most likely to find buffer overruns, but it is possible it would find other bugs as well.