Security Basics mailing list archives
Re: Penetration Testing Software
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 23 Sep 2011 07:16:39 -0500
Dimitrios Hilton <dhilton () theitguy us> writes:
Does anyone have a recommendation for a low cost Penetration Testing Software that can produce nice client reports?
Hi Dimitrios,

Penetration testing deliverables don't fall out of a piece of automated software. As the meme goes, every time someone suggests that they can or do, God kills a kitten. Please think of the kittens!

Vulnerability assessment reports, on the other hand, actually can jump out of a tool and into a printed report. Tenable Nessus is where you're likely to be happiest there if speed, result accuracy, and customization are valuable to you.

If you are trying to sell penetration tests that fall directly out of any tool other than a word processor where a highly experienced human is creating the report by typing things very specific to the customer environment and business concerns, you'll become an embarrassment to the penetration testing industry, and someone will call you out eventually. Sadly, you'll probably make some money in the interim, as there will always be companies who want a penetration test report to check their audit checkbox, but aren't interested in the inconvenient truth that might come from a real, well-executed, and broadly scoped penetration test.

The Penetration Testing Execution Standard is definitely something to become familiar with to better understand what a pen test is and isn't. It keeps evolving, but look through the technical guidelines ... and no tool exists that allows anyone to push a button and all that popping out into a pretty report. :-)

http://www.pentest-standard.org/index.php/Main_Page

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/