Content

Saint Scanner + Exploit

We have been watching Saint a long time. Saint, as many old-timers may recall, began life as an open source version of Satan, one of the first serious open source vulnerability scanners. Eventually the tool was commercialized and it has maintained many of its open source roots. It is a work horse, dependable and, until recently, a bit difficult to deploy unless you were pretty good with Linux. The display was, at best, plain vanilla. All that has changed with the current release.

Today’s Saint is a solid combination of scanner and pen testing tool. It is easy to set up from the Linux command prompt and the website provides access to the required license key. The clean, well-organized user interface makes it easy to launch scans or penetration tests and the data collection window makes viewing results easy.

We found the number of vulnerabilities that SAINT found to be typical of many vulnerability scanners. Unlike most products we tested, Saint uses "Critical", "Areas of Concern", and "Potential Problems" instead of the more common "High", "Medium" and "Low" to describe findings. We found that Saint Scanner identified about 89 percent of the known vulnerabilities in our test bed. However, Saint also attempts to penetrate and just because a vulnerability appears to exist does not mean that it can be exploited.

Saint uses SAINTexpress to perform automatic updates before each scan and we found the reporting generally well-conceived. Functionally and from the standpoint of performance the product carries out all basic functions to a satisfactory level. This is what the product purports to do and it delivers.

Support is adequate, consisting of email and phone support. There is 24-7 phone support available as an extra cost option. We would have liked to see a more obvious support page on the web site. There is no tab for "Support" and we had to search the site to find any support information. Also missing we frequently asked questions and user forums, features that are becoming the norm on many developer web sites across the industry.

Pricing is based upon the scope of the license. For example, the combination of Scanner and Exploit of a Class C address space is $4,390 while an unlimited license is $15,895. This pricing places SAINT in the middle of the cost spectrum for this kind of tool.

Saint Scanner + Exploit has been rated Recommended by SC Magazine.

Product title
Saint Scanner + Exploit
Product info
Name: Saint Scanner + Exploit Description: Price: Unlimited license for Scanner and Exploit: $15,895; Class C license for combined product: $4,390
Strength
Simple to setup, good user interface and well-organized reports. Exploit attempts penetration for found vulnerabilities.
Weakness
Not easy to find support on the website, some support tools found on many vendor websites are not present on the SAINT site.
Verdict
Still a good workhorse, Saint now sports penetration capabilities. While not the best performer in our tests, still, solid results were the order of the day.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.