Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions?

[jackadaniel at gmail.com (Jack Daniel)]

Actually, I thought the juxtaposition of back to back interviews with
HD Moore and Marcus Ranum was very interesting, regardless of what you
think of the individuals' opinions.

Maybe Paul and Larry can take the next step and set up the steel cage.

Jack


2008/10/29 Bugbear <gbugbear at gmail.com>:
> So I was listening to the Risky Business Podcast this AM (#85) on my commute
> in (right after finishing part II of pauldotcom) and they had Tenable
> Network Security's CSO Marcus Ranum on. Marcus stated that he felt tools
> such as Core and Metasploit had no usefulness in pen test. He emphasised
> that a design review and vulnerability scanning should be enough.
>
> While I may have misunderstood his statements and I do agree design/config
> reviews and vulnerability scanning needs to be the first and second step of
> any regular review, pen test, etc... I completely disagree on his comments
> on using such aforementioned tools in conjunction with products such as
> Nessus. i.e. Nessus is not going to tell me if my blackberry user is
> connecting to free wifi and is vulnerable to Karma, etc..
>
> Thoughts, comments, opinions? Interested in what the viewpoint of the broad
> background of pauldotcom listeners! Or maybe someone can clarify his
> comments for me.
>
> Tim
>
>
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://blog.uncommonsensesecurity.com
http://www.linkedin.com/in/jackadaniel