SAINT integrated vulnerability assessment
Strengths: Powerful vulnerability scanning and penetration testing combined onto an easy-to-use platform.
Weaknesses: None that we found.
Verdict: For its solid performance and value. this venerable pioneer is our Recommended choice for vulnerability assessment and pen testing.
SummaryThose familiar with SAINT know that it has in the past been a software application that had to be installed on a Linux-based machine somewhere in the enterprise. While this is not usually a problem, in certain environments there may not be somebody who is very comfortable with installing and managing Linux applications, or there just may not be a box available on which to install Linux. Enter the SAINT Box. This appliance brings all the features of SAINTscanner, SAINTexploit and SAINTmanager into one box that is ready to go right off the shelf.
We found this tool to be easy to install, as it comes pretty much already configured. All we had to do was plug in the box and attach a keyboard and monitor to go through a quick setup wizard and we were ready to go. All administration is done through a web GUI, which we found to be easy and intuitive to navigate. This GUI is also where configuration for scanning and reporting is done.
The SAINT platform itself is a powerful vulnerability and penetration testing tool. With the combination of SAINTscanner and SAINTexploit, users are able to scan and try to exploit almost anything with an IP address, as well as web and database applications. After the scan is complete, SAINTwriter provides equally robust reporting with many compliance templates ready to go.
Documentation included a well-organized user guide, which provides information on how to configure and use all of the SAINT components.
SAINT includes basic phone and email support to all customers, but 24/7 support can be purchased at an additional fee. Customers also can access an online knowledge base, as well as product documentation.
While $19,000 may seem steep, we find this tool to provide a nice combination of powerful vulnerability scanning and penetration testing tools, as well as robust reporting, in an easy-to-use box, which is why we find it to be a great value for the money.