Web Admin Blog Real Web Admins. Real World Experience.


An Evaluation of Rapid7 NeXpose

I've been focusing a lot of my time lately on our PCI initiatives.  One sub-topic that I've spent a particularly large amount of time on has been Requirement 11.2 which says that you need to have internal and external network vulnerability scans performed by a scan vendor qualified by PCI.  We already employ one such tool, but I've been working to evaluate several other vulnerability scanning tools to see where our current tool is at in comparison.  I'll post my evaluations of each of these tools in time, but for now I'll start with my evaluation of Rapid7 NeXpose.