Combination of all mechanisms of active vulnerability assessment such as network and system scanners, as well as tools for evaluating the security of DBMSs and web-applications in one product allows one to obtain the maximum reliable picture of network security.

The MaxPatrol system is based on a high-performance network scanner that can quickly and efficiently detect network nodes and open ports and recognize the operating system and server applications. The distributed architecture allows one to locate the scanning module in immediate proximity to the object of scanning, which reduces the load on backbone links.

Heuristic mechanisms of analysis allow one to detect vulnerabilities in network services and applications using the minimal privilege level and evaluate the network security from the point of the view of an attacker. The intelligent algorithms and mechanisms of vulnerability detection developed by experts were shown to be efficient by independent researchers; these algorithms and mechanisms are as similar to those used by attackers as possible, which allows one to identify the errors in system maintenance, as well as to detect unknown vulnerabilities in implementation of network applications.

Here, special modules produce an expert evaluation of security of popular DBMSs like Microsoft SQL Server, Oracle, and Lotus. Analysis includes all aspects of DBMS security. Analysis of DBMS security from within allows one to detect the vulnerabilities that are impossible or very difficult to identify with penetration testing.

The module of analysis of web-application security identifies vulnerabilities in heritable and in-house designed applications. Heuristic mechanisms allow one to detect most of vulgar errors made during the web-application development: SQL injection, cross-site scripting (XSS), etc.

The module of analysis of web-application security was developed by the Positive Technologies staff and outside specialists - the members of Web Application Security Consortium (www.webappsec.com) who are acknowledged to be experts in the field, which guarantees the highest scanning quality.

If mechanisms of remote control are available, then the scanning module can use them for deep security testing of the operating system and applications. This method allows one to obtain an integrated security evaluation with minimal resource usage as well as to analyze the parameters that are not available in the penetration testing mode.

The knowledge base contains system tests for most of common operating systems of Windows, Linux, and Unix families as well as for special-purpose equipment like Cisco IOS routers, Cisco IOS switches, Cisco PIX and Cisco ASA firewalls and applications such as Active Directory, Microsoft Exchange, IIS, Apache and SAP Netweaver. In contrast to traditional system scanners, MaxPatrol requires no installation of program modules on the nodes, which simplifies the maintenance and reduces the total cost of ownership. The entire testing is conducted remotely using the built-in mechanisms of remote administration.