While we don't typically pick on a single company in this manner, this is a case where a company demonstrates a common problem in the security industry: the "fly by night" security shop that offers "penetration testing" but really offers nothing you can't get from a software company. Most companies do not publish details, but Symtrex opted to, which gives a good look at what the offering really consists of. Our experience says this is way too common, but it is often difficult to prove.

http://www.symtrex.com/services/vulassess.html



This comprehensive assessment, which tests against over 14,400 vulnerabilities..

These days, you have to be careful with numbers. This is roughly half of what Nessus checks for.

The Symtrex Vulnerability Assessment uses intelligent scanning technologies, that are non-intrusive and meets, or exceeds, all vulnerability scanning/assessment requirements for most industry standards and regulations, including Sarbanes-Oxley (SOX), Common Vulnerabilities and Exposures (CVE), Health Insurance Portability and Accountability Act (HIPAA), Gramm Leach Bliley Act (GLBA), Payment Card Industry (PCI) Data Security Standard, Federal Information Security Management Act (FISMA), ISO-9000 and more (for a list of the threat groups and more information on the sample of the tests performed, please click here).

CVE isn't a 'requirement' for an 'industry standard' or 'regulation', at least not in this context.

http://www.symtrex.com/services/threats.html

With Symtrex Vulnerabilites Assessement, there are over 14,400 vulnerabilities, that can be categorized as follows:

AIX Local Checks                Backdoors               Centos Local Checks
Cross Site Scripting            DNS Services            Database Services
Debian Locka Checks             Denial of Service       FTP Services
Fedora Local Checks             Firewalls/Routers, SNMP Free BSD Local Checks
Gentoo Local Checks             HP-UX Local Checks      MacOS X Local Checks
Mail Services                   Mandrake Locak Checks   Microsoft Bulletins
Miscellaneous                   Netware                 Peer-to-Peer Services
Red Hat Local Checks            Remote File Access      Remote Shell Access
Service Detection               Slackware Local Checks  Solaris Local Checks
Suse Local Checks               Ubuntu Local Checks     Unix
Web Services                    Windows

The database currently contains 14416 unique vulnerabilities, is updated every 12 hours, cross-referenced by threat family and risk factor, and links to external sources (like CVE, Bugtraq, and OSVDB).

This lists what appear to be Nessus plugin families, leaving a few out (or merging some) and renaming some. There are curious mistakes: "Debian Locka Checks"? "Mandrake Locak Checks"? Why 14416 unique vulns when Nessus had over 27000 at the time of examining the page? Updated every 12 hours, much like a Nessus plugin feed can be set to. The page references the same three primary vulnerability databases that Nessus does, when most companies don't reference all three.
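As an added example (not Symtrex's or Nessus's code), here is the check a buyer can run on a vendor's category list: fuzzy-match it one-to-one against a reference list of scanner plugin families and see how much is left over. The vendor list is the one quoted above, typos included; the reference family names are this example's own recollection of Nessus families of the period, an assumption that should be replaced with names taken from an actual plugin feed.

```python
import difflib
import re

# Categories quoted from the Symtrex "threats" page above, typos included.
VENDOR_CATEGORIES = [
    "AIX Local Checks", "Backdoors", "Centos Local Checks", "Cross Site Scripting", "DNS Services",
    "Database Services", "Debian Locka Checks", "Denial of Service", "FTP Services", "Fedora Local Checks",
    "Firewalls/Routers, SNMP", "Free BSD Local Checks", "Gentoo Local Checks", "HP-UX Local Checks",
    "MacOS X Local Checks", "Mail Services", "Mandrake Locak Checks", "Microsoft Bulletins", "Miscellaneous",
    "Netware", "Peer-to-Peer Services", "Red Hat Local Checks", "Remote File Access", "Remote Shell Access",
    "Service Detection", "Slackware Local Checks", "Solaris Local Checks", "Suse Local Checks",
    "Ubuntu Local Checks", "Unix", "Web Services", "Windows",
]
# Reference names as this example's author recalls Nessus plugin families of that era
# (an assumption, not copied from Tenable: regenerate the list from your own plugin feed).
NESSUS_FAMILIES = [
    "AIX Local Security Checks", "Backdoors", "CentOS Local Security Checks", "CGI abuses : XSS", "DNS",
    "Databases", "Debian Local Security Checks", "Denial of Service", "FTP", "Fedora Local Security Checks",
    "Firewalls", "FreeBSD Local Security Checks", "Gain a shell remotely", "General",
    "Gentoo Local Security Checks", "HP-UX Local Security Checks", "MacOS X Local Security Checks",
    "Mandrake Local Security Checks", "Misc.", "Netware", "Peer-To-Peer File Sharing",
    "Red Hat Local Security Checks", "Remote file access", "SMTP problems", "SNMP", "Service detection",
    "Slackware Local Security Checks", "Solaris Local Security Checks", "SuSE Local Security Checks",
    "Ubuntu Local Security Checks", "Web Servers", "Windows", "Windows : Microsoft Bulletins",
]
FILLER = {"security", "checks", "services", "servers"}  # no naming signal, only dilutes the score

def normalize(name):
    """Lowercase, drop punctuation and filler: 'Debian Locka Checks' -> 'debian locka'."""
    return " ".join(w for w in re.findall(r"[a-z0-9]+", name.lower()) if w not in FILLER)

def match_families(vendor=VENDOR_CATEGORIES, reference=NESSUS_FAMILIES, cutoff=0.6):
    """Greedy one-to-one pairing, best score first: {vendor_category: (family, score)}.
    One-to-one matters: 'Remote Shell Access' scores 0.81 vs 'Remote file access' but loses it
    to the exact 'Remote File Access' and is correctly left unmatched."""
    scored = sorted(((difflib.SequenceMatcher(None, normalize(v), normalize(r)).ratio(), v, r)
                     for v in vendor for r in reference), reverse=True)
    pairing, taken = {}, set()
    for score, v, r in scored:
        if score < cutoff:
            break  # sorted descending, nothing further can qualify
        if v not in pairing and r not in taken:
            pairing[v] = (r, round(score, 2))
            taken.add(r)
    return pairing

def unmatched(vendor=VENDOR_CATEGORIES, **kw):
    """Categories with no plausible family; a short list means a renamed plugin feed."""
    return [v for v in vendor if v not in match_families(vendor, **kw)]
```

With the lists above, 26 of the 32 categories pair off with a family, the two typo'd Debian and Mandrake entries included; character similarity does miss semantic renames such as "Miscellaneous" for "Misc.", so the leftover list still needs a human glance.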

Looking at their "Sample Report", the "Threat ID" values listed with the vulnerabilities correspond to Nessus plugin IDs. They take the Nessus report, pretty it up, and deliver it as their own 'service'.

Symtrex's entire security offering as far as penetration testing can be summed up as "we run Nessus, but don't enable all plugins".
