Firewall Wizards mailing list archives
Re: Penetration testing via shrinkware
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Thu, 03 Sep 1998 10:19:25 -0400
What are the opinions on the thoroughness of shrinkwrap software penetration testing? Is today's shrinkware more capable for penetration testing (a single machine) than a human?
I guess it depends on the human! :) Can a program do a better job of testing than a lame, clueless human? Sure! Can a program do a better job of testing than a fairly experienced security guru? No. Can a program do a better job of testing than an 3ll33t? No. By extension, I'd assume that someone was a lamer if they were using shrinkwrap. I'd assume they were bringing no native expertise to the table, and I'd only pay them "shop time" rates (e.g.: about $25/hr) instead of consultant rates (you pay consultants for expertise not their ability to click 'go'). One of the problems with shrinkwrap is that it's not a whole lot faster and it can overlook really stupid stuff that a human would detect in a heartbeat. For example, what about the customer who has a telnet listener on port 25 behind a screening router? The shrinkwrap will try to do DEBUG and WIZ on it but won't try to log in as root. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Penetration testing via shrinkware Stout, Bill (Sep 03)
- Re: Penetration testing via shrinkware Bennett Todd (Sep 03)
- Re: Penetration testing via shrinkware Sheila //or// Bob (depends on who's writing) (Sep 06)
- Re: Penetration testing via shrinkware Stephen P. Berry (Sep 06)
- <Possible follow-ups>
- Re: Penetration testing via shrinkware Marcus J. Ranum (Sep 03)
- Re: Penetration testing via shrinkware emaiwald (Sep 03)
- Re: Penetration testing via shrinkware Dominique Brezinski (Sep 03)
- Re: Penetration testing via shrinkware Ryan Russell (Sep 03)
- RE: Penetration testing via shrinkware Gary Crumrine (Sep 03)
- RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)
- Re: Penetration testing via shrinkware tqbf (Sep 17)
- Re: Penetration testing via shrinkware Crispin Cowan (Sep 18)
- Re: Penetration testing via shrinkware Ted Doty (Sep 19)
- Re: Penetration testing via shrinkware tqbf (Sep 19)
- Re: Penetration testing via shrinkware Dave Whitlow (Sep 19)
- RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)