The following tools should be used in combination to conduct security assessments.
Unified vulnerability management enterprise solution
Network Vulnerability Scanner
Security Consensus Operational Readiness Evaluation provides various security checklists.
Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs.
MBSA helps determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.
HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
Penetration testing software
Provides a suite of tools for:
- Vulnerability Management
- Policy Compliance
- PCI Compliance
- Web Application Scanning
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools.