Security Basics mailing list archives

Re: Penetration Testing Software


From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 23 Sep 2011 07:16:39 -0500

Dimitrios Hilton <dhilton () theitguy us> writes:

Does anyone have a recommendation for a low cost Penetration Testing
Software that can produce nice client reports

Hi Dimitrios, 

Penetration testing deliverables don't fall out of a piece of
automated software.  As the meme goes, every time someone suggests
that they can or do, God kills a kitten.  Please think of the kittens!

Vulnerability assessment reports, on the other hand, actually can jump
out of a tool and into a printed report.  Tenable Nessus is where
you're likely to be happiest there if speed, result accuracy, and
customization are valuable to you. 

If you are trying to sell penetration tests that fall directly out of
any tool other than a word processor where a highly experienced human
is creating the report by typing things very specific to the customer
environment and business concerns, you'll become an embarrassment to
the penetration testing industry, and someone will call you out
eventually.  Sadly, you'll probably make some money in the interim, as
there will always be companies who want a penetration test report to
check their audit checkbox, but aren't interested in the inconvenient
truth that might come from a real, well-executed, and broadly scoped
penetration test.

The Penetration Testing Execution Standard is definitely something to
become familiar with to better understand what a pen test is and
isn't.   It keeps evolving, but look through the technical guidelines
... and no tool exists that allows anyone to push a button and all
that popping out into a pretty report.  :-)  
     http://www.pentest-standard.org/index.php/Main_Page

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
