We have been watching Saint for a long time. The company, as those of you who have been around long enough may recall, began life as an open-source version of Satan, one of the first, serious freely available vulnerability scanners. The tool was commercialised eventually, but has maintained many of its open-source roots.
It is a work horse, dependable and, until recently, a bit difficult to deploy unless you were pretty good with Linux. The display was, at best, plain. All that has changed with the current release.
Today's Saint is a solid combination of scanner and penetration testing tool. It is simple to set up from the Linux command prompt, and the website provides access to the required licence key. The clean, well-organised user interface makes it easy to launch scans or pen tests. Results can be viewed in the data collection window.
We were a bit disappointed in the number of vulnerabilities Saint found. Unlike most of the products we tested, it uses "critical", "areas of concern" and "potential problems" instead of the more common high, medium and low to describe findings. We view this with mixed emotions since the Saint categories seem more descriptive. Even so, we found that Saint identified only around 15 per cent of the known vulnerabilities in our test bed, missing most of the serious ones.
However, Saint also attempts to penetrate, and just because a vulnerability appears to exist does not mean that it can be exploited. Still, we found the low number disconcerting in the context of the known vulnerabilities in our test.
Support is adequate, consisting of email and phone assistance, as well as a useful website complete with downloads, updates and documentation. An annual cost of around £9,000 for the combined package with unlimited IP addresses puts Saint in the middle of the cost spectrum for this kind of tool.
We rate Saint Scanner + Exploit Recommended for its useful combination of scanner and penetration tool.