五、附录:厂商和工具
| 数据库风险评估工具 | ||
| 厂商名称和URL | 产品名称 | 软件或服务 |
| Application Security http://www.appsecinc.com/products/appdetective/mssql |
AppDetective for: SQL Server,Sybase,Oracle,DB2,Lotus Domino |
软件 |
| Internet Security Systems (ISS) http://www.iss.net |
Database Scanner | 软件 |
| NGSSoftware http://www.nextgenss.com |
NGSSQuirreL for Oracle DominoScan OraScan |
软件 |
| 基于主机的风险评估工具 | ||
| 厂商名称和URL | 产品名称 | 软件或服务 |
| Akaba http://www.akabainc.com/home.html |
PointScan | 服务 |
| Beyond Security Australia http://www.beyondsecurity.com.au |
Automated Scanning Service | 服务 |
| BindView http://www.bindview.com |
bv-Control | 软件 |
| Catbird Networks http://www.catbird.com/index.cfm |
External Security Monitoring | 服务 |
| Cerberus Information Security http://www.cerberus-infosec.co.uk/cis.shtml |
Cerberus Internet Scanner(CIS) | 软件 |
| Computer Associates (CA) http://www.cai.com/solutions/enterprise/ etrust/policy_compliance/etrust_policy_compliance.pdf |
eTrust Policy Compliance | 软件 |
| CORE Security Technologies http://www1.corest.com |
CORE IMPACT | 软件 |
| Coresecure http://www.coresecure.com/flash/vuln_scanner.html |
CS.nessus | 服务 |
| Critical Watch http://www.criticalwatch.com |
Vulnerability Management | 服务 |
| E*MAZE http://www1.iplegion.com |
ipLegion | 服务 |
| Edgeos http://www.edgeos.com |
EdgeSecure | 服务 |
| eEye Digital Security http://www.eeye.com |
Retina Network Security Scanner | 软件 |
| Emprise Technologies http://www.emprisetech.com |
eScan | 服务 |
| Enterprise International http://www.ei-europe.com/security_analyst.htm |
Security Analyst | 软件 |
| ESecurity Online http://www.esecurityonline.com |
eSO Advisor eSO Framework |
设备 服务 |
| Foundstone http://www.foundstone.com |
FoundScan Engine | 软件和设备 |
| GFI Software http://www.gfi.com/lannetscan |
GFiLANguard Network Security Scanner |
软件 |
| Harris http://www.statonline.com |
STAT Scanner | 软件 |
| ISS http://www.iss.net |
Internet Scanner | 软件 |
| Latis Networks http://latis.com |
StillSecure VAM | 软件 |
| Microsoft http://www.microsoft.com/technet/treeview/ default.asp?url=/technet/security/tools/tools /mbsahome.asp |
Microsoft Baseline Security | 软件 |
| Nessus http://www.nessus.org |
Nessus | 软件 |
| NetIQ www.netiq.com |
NetIQ: Security Analyzer | 软件 |
| NetVision http://www.netvision.com |
NVAssess | 服务 |
| Network Associates http://www.networkassociates.com/us/services/home.htm |
CyberCop ASaP | 服务 |
| Network Security Systems http://www.netsecuritysys.com/products.html |
iNETPATROL LANPATROL |
服务 设备 |
| NGSSoftware http://www.nextgenss.com |
Typhon II | 软件 |
| N-Stalker http://www.nstalker.com/nstealth |
N-Stealth | 软件 |
| ProCheckUp http://www.procheckup.com |
ProCheckNet | 服务 |
| Qualys http://www.qualys.com |
QualysGuard QualysGuard Intranet |
服务 设备 |
| Saint http://www.saintcorporation.com |
SAINT WebSAINT |
软件 服务 |
| SonicWALL http://www.sonicwall.com |
SonicWALL Vulnerability | 服务 |
| Symantec http://www.symantec.com |
NetRecon | 软件. |
| ThreatFocus http://www.threatfocus.com |
Threat Focus Diligence |
服务 |
| VIGILANTe http://www.vigilante.com/securescan/index.htm |
SecureScan | 软件 |
| Web服务器风险评估工具 | ||
| 厂商名称和URL | 产品名称 | 软件或服务 |
| @stake http://www.atstake.com |
@stake WebProxy | 软件 |
| KaVaDo http://www.kavado.com |
ScanDo | 软件 |
| ProCheckUp http://www.procheckup.com |
ProCheckWeb | 服务 |
| SPI Dynamics http://www.spidynamics.com |
WebInspect | 软件 |
| WhiteHat Security http://community.whitehatsec.com/whitehat_arsenal.html |
WhiteHat Arsenal | 软件 |