SAINT Integrated Vulnerability Scanner
Strengths: Powerful scanner and penetration testing tool.
Weaknesses: None that we found.
Verdict: We love this program and have for years since it was open source (under a different name, of course). This year it didn’t disappoint and we name it our Recommended product.
SummarySAINT Scanner and SAINT Exploit are two products brought into one place for a powerhouse combination. Scanner and Exploit work together to find vulnerabilities and tries to exploit those holes resulting in fewer false positives. This product includes a wide view of problems by reporting vulnerabilities using many standard references, including OVAL, CVE, CVSS, BID, IAVA and OSVDB.
While this is a Linux-based product, we found you do not need to be a Linux guru to install and use it. The installation process is well outlined and requires just a few commands in the Linux terminal. After install is complete, the program can be run either from the command line for those that are command line-centric or from a web GUI for users more comfortable with radio buttons and check boxes. We used the GUI and found it to be quite simple to navigate with a well-organized tab-top layout.
During the scan, the scan progress is shown and it gives real-time results of what is being found and what host is being scanned. When the scan is complete, results can be easily viewed and exported to a report. The only trouble we ran into with the reports was that the default directory, where reports are stored, is accessible by the root account only, so we had to run some commands to access the reports with our user account.
Documentation is a very in-depth help file that can be accessed online or in the product. This help file provides many step-by-step configuration instructions, as well as several screen shots and descriptions of product features. There are also several bookmarks which make it easy to navigate and find correct information.
SAINT provides eight hours a day/five days a week phone and email support at no cost to all customers, but 24/7 support can be purchased at 10 percent of the cost of the license. There is also a large support area available on the website that includes product documentation, a knowledge base, FAQ section, video tutorials and other support resources.
At a price of $8,500 annually for a Class C license, we find this product to be a good value for the money. SAINT provides a lot of functionality including penetration testing and quality reporting in one easy-to-use product.