While we don't typically pick on a single company in this manner, this is a case where a company demonstrates a common problem in the security industry: the "fly by night" security shop that offers "penetration testing" but really delivers nothing you can't get from a software vendor. Most such companies do not publish details, but Symtrex opted to, which gives a good look at what the offering really consists of. Our experience says this is far too common, but it is often difficult to prove.
This comprehensive assessment, which tests against over 14,400 vulnerabilities.
These days, you have to be careful with numbers. This is roughly half of what Nessus checks for.
The Symtrex Vulnerability Assessment uses intelligent scanning technologies, that are non-intrusive and meets, or exceeds, all vulnerability scanning/assessment requirements for most industry standards and regulations, including Sarbanes-Oxley (SOX), Common Vulnerabilities and Exposures (CVE), Health Insurance Portability and Accountability Act (HIPAA), Gramm Leach Bliley Act (GLBA), Payment Card Industry (PCI) Data Security Standard, Federal Information Security Management Act (FISMA), ISO-9000 and more (for a list of the threat groups and more information on the sample of the tests performed, please click here).
CVE isn't a 'requirement' for an 'industry standard' or 'regulation', at least not in this context. It is a dictionary of identifiers for publicly known vulnerabilities, not something a scan can "meet or exceed". Listing ISO-9000, a quality-management standard with nothing to say about vulnerability scanning, in the same breath suggests the list was assembled for marketing rather than accuracy.
With Symtrex Vulnerabilites Assessement, there are over 14,400 vulnerabilities, that can be categorized as follows:
AIX Local Checks
Backdoors
Centos Local Checks
Cross Site Scripting
DNS Services
Database Services
Debian Locka Checks
Denial of Service
FTP Services
Fedora Local Checks
Firewalls/Routers, SNMP
Free BSD Local Checks
Gentoo Local Checks
HP-UX Local Checks
MacOS X Local Checks
Mail Services
Mandrake Locak Checks
Microsoft Bulletins
Miscellaneous
Netware
Peer-to-Peer Services
Red Hat Local Checks
Remote File Access
Remote Shell Access
Service Detection
Slackware Local Checks
Solaris Local Checks
Suse Local Checks
Ubuntu Local Checks
Unix
Web Services
Windows
The database currently contains 14416 unique vulnerabilities, is updated every 12 hours, cross-referenced by threat family and risk factor, and links to external sources (like CVE, Bugtraq, and OSVDB).
This lists what appear to be Nessus plugin families, with a few left out (or merged) and some renamed. There are curious mistakes: "Debian Locka Checks"? "Mandrake Locak Checks"? Why 14,416 unique vulnerabilities when Nessus had over 27,000 plugins at the time we examined the page? (Nessus plugin counts include service detection and informational checks, so neither figure is a clean count of "vulnerabilities", but the gap is still telling.) Updated every 12 hours, just as a Nessus plugin feed can be configured to be. It references the same three vulnerability databases that Nessus cross-references (CVE, Bugtraq and OSVDB), when most companies don't reference all three.
Looking at their "Sample Report", the "Threat ID" listed with each vulnerability corresponds to a Nessus plugin ID. They take the Nessus report, pretty it up, and deliver it as their own 'service'.
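The check described above, matching a vendor report's "Threat IDs" against Nessus plugin IDs and tallying plugins per family, can be scripted against a .nessus (v2) export. The following is an added example and not code from the original page or from Symtrex or Tenable. The .nessus fragment and the vendor threat ID list are constructed sample data: the family names follow Nessus's naming, but the plugin IDs, plugin names and hosts are made up for illustration.

```python
"""Cross-reference a vendor report's "Threat IDs" against the plugin IDs and
plugin families in a Nessus .nessus (v2) export.

Added example with constructed data; not code from the page being discussed.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed .nessus v2 fragment. Real exports carry the same ReportItem
# attributes (pluginID, pluginName, pluginFamily); the IDs, names and hosts
# here are made up. Plugin 10002 fires on two hosts to exercise de-duplication.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="sample">
    <ReportHost name="10.0.0.5">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="10001" pluginName="Constructed plugin A"
                  pluginFamily="Service detection"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="10002" pluginName="Constructed plugin B"
                  pluginFamily="Web Servers"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
                  pluginID="10003" pluginName="Constructed plugin C"
                  pluginFamily="Debian Local Security Checks"/>
    </ReportHost>
    <ReportHost name="10.0.0.6">
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="10002" pluginName="Constructed plugin B"
                  pluginFamily="Web Servers"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Constructed "Threat IDs" as they might appear in a rebranded vendor report.
# 99999 is deliberately not present in the export.
SAMPLE_VENDOR_THREAT_IDS = ["10002", "10003", "99999"]


def load_plugins(nessus_xml: str) -> dict:
    """Return {pluginID: (pluginName, pluginFamily)} for every unique plugin
    that fired in the export, de-duplicated across hosts."""
    root = ET.fromstring(nessus_xml)
    plugins = {}
    for item in root.iter("ReportItem"):
        pid = item.get("pluginID")
        if pid and pid not in plugins:
            plugins[pid] = (item.get("pluginName", ""), item.get("pluginFamily", ""))
    return plugins


def family_counts(plugins: dict) -> Counter:
    """Count unique plugins per Nessus plugin family."""
    return Counter(family for _, family in plugins.values())


def cross_reference(threat_ids, plugins: dict) -> dict:
    """Split a vendor's threat IDs into those that are Nessus plugin IDs
    present in the export and those that are not, with the match ratio."""
    matched = {tid: plugins[tid] for tid in threat_ids if tid in plugins}
    unmatched = [tid for tid in threat_ids if tid not in plugins]
    ratio = len(matched) / len(threat_ids) if threat_ids else 0.0
    return {"matched": matched, "unmatched": unmatched, "match_ratio": ratio}


if __name__ == "__main__":
    plugins = load_plugins(SAMPLE_NESSUS)
    print(f"{len(plugins)} unique plugins in export")
    for fam, n in family_counts(plugins).most_common():
        print(f"  {n:4d}  {fam}")
    result = cross_reference(SAMPLE_VENDOR_THREAT_IDS, plugins)
    for tid, (name, fam) in result["matched"].items():
        print(f"Threat ID {tid} == Nessus plugin {tid} ({fam}): {name}")
    print("Not a Nessus plugin in this export:", result["unmatched"])
```

Run against a real .nessus export and the threat IDs transcribed from a vendor's sample report; a match ratio near 1.0 with family names that line up with the vendor's "threat groups" is the same evidence the text above relies on.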
Symtrex's entire security offering, as far as penetration testing goes, can be summed up as "we run Nessus, but don't enable all plugins". A vulnerability scan is not a penetration test: nothing described here involves exploitation, manual analysis, or any validation of what the scanner reports.