Dailydave mailing list archives
Re: Defending the honor of...penetration testing tools
From: Anton Chuvakin <anton () chuvakin org>
Date: Wed, 13 Feb 2013 05:54:38 +0400
On Tue, Feb 12, 2013 at 9:50 PM, Dave Aitel <dave () immunityinc com> wrote:
So as you can see below, I'll be at RSA asking Andrew Jaquith why on earth he thinks penetration testing tools are evil. To be honest, I have no idea. Does that also imply penetration testing is evil, or is he saying that penetration testing tools make people lazy and therefor you get better penetration tests without them, in which case I'll try to get him to write his future papers without a keyboard or something.
Well, I can't say why he thinks they are evil, but I often thought that their NAME is. Often, when I hear people say "penetration testing tools" they *automatically* assume that "running that tool == penetration test." After all, "X tool" in many minds means "tools that does X." Penetration tools, last time I checked, don't DO penetration testing. Humans do. You can insert all the jokes about stupid people and all, but this sentiment is very, very contagious. Therefore I often avoided naming them in my work and instead used some kludge like "exploitation tools", or (please don't laugh) "tools [somewhat] helpful during penetration testing." -- Dr. Anton Chuvakin Site: http://www.chuvakin.org Twitter: @anton_chuvakin Work: http://www.linkedin.com/in/chuvakin
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Defending the honor of...penetration testing tools Dave Aitel (Feb 12)
- Re: Defending the honor of...penetration testing tools antisnatchor (Feb 12)
- Re: Defending the honor of...penetration testing tools Mohammad Hosein (Feb 12)
- Re: Defending the honor of...penetration testing tools Anton Chuvakin (Feb 18)
- Re: Defending the honor of...penetration testing tools antisnatchor (Feb 12)