In this thread here I questioned the "ability" of securityspace.com to use their tools properly and to "reasonably" report their findings. I laid out what I had available and what they "discovered"/reported as problems.

I'm not out to cause them trouble, nor do I expect anyone to spend any money to see their "results". I am interested in seeing a "survey" of what they do and how well they do with it.

So here's the "challenge".......

Go here and sign up for the "No Risk" security audit, (the Basic is a portscan and nothing more). When you have the results post what OS, patch level, expected open ports, services running on the open ports including version and then what SecuritySpace came up with and how they categorized the "risk" in a similar fashion to the way I did in the thread mentioned above.

I am really interested to see how accurate they are, what they consider high, medium and low risk, and how big they manage to make what should be small reports into really bigs ones.

I'm running one test against this box as I type, it's behind a Linksys router, then I'll run another against this box with no attempt at securing it while it is in the DMZ of the router to se how the results differ.... I'll post both results.....

Anyone else up to seeing what we can determine here?

[Edit]

It has taken 2 hours again to do their survey..... Unfortunately I don't have time to assess their look at my Linksys right now..... I have to go out to dinner with friends.... I'll take a look at the report in the morning and report on it.....

[/Edit]