Re: Penetration Testing Software

[David Grisham <DGrisham () SALUD UNM EDU>]

UNM main campus, the UNM Health Science Center and UNM Hospitals have used TrustCC for penetration, baseline 
assessments and focused systems testing very successfully.  TrustCC.com





Cheers --grish
David D. Grisham, Ph.D.,  CISM, CHSP
Manager, IT Security,
UNM Hospitals, IT Division
1650 University Blvd,  S.500, Albuquerque, NM 87102
Ph: (505) 272-5657 FAX 272-6923
Work email:  dgrisham () salud unm edu
Adjunct Faculty, Computer Science, UNM
Academic & personal email:  dave () unm edu>>> "Axworthy, Heather" <haxworthy () UMASSP EDU> 3/10/2009 7:36 AM >>>
Hi James,

 

I have used several outside vendors for this work and the best I have
seen are the folks at InGuardians.  http://www.inguardians.com.  The
firm's founders are Mike Poor, Jay Beale and Tom Liston of SANS.  

 

At my previous two employers, neither had ever performed penetration
testing.  In that case, it is better to get an outside vendor to come in
and perform a full test (external "black box", external trusted, and
internal.)  This will help you get a better picture of your
vulnerabilities.  Then once you do that, you can explore purchasing a
product like Core Impact, if you have the dedicated staff for it.

 

Hope that helps.

 

Thanks,

Heather

 

 

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James R. Pardonek
Sent: Monday, March 09, 2009 5:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU 
Subject: [SECURITY] Penetration Testing Software

 

We are looking at penetration testing, either by a third party or by
using purchased software in-house.  I was curious what others were
doing, some costs and issues.

 

Thanks,

 

James R. Pardonek, CISSP

Senior Network Administrator

Network Infrastructure Management and Maintenance

Computing Technology and Information Services

Purdue University Calumet

Hammond, Indiana