PaulDotCom mailing list archives
Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions?
From: jackadaniel at gmail.com (Jack Daniel)
Date: Wed, 29 Oct 2008 10:23:32 -0400
Actually, I thought the juxtaposition of back to back interviews with HD Moore and Marcus Ranum was very interesting, regardless of what you think of the individuals' opinions. Maybe Paul and Larry can take the next step and set up the steel cage. Jack 2008/10/29 Bugbear <gbugbear at gmail.com>:
So I was listening to the Risky Business Podcast this AM (#85) on my commute in (right after finishing part II of pauldotcom) and they had Tenable Network Security's CSO Marcus Ranum on. Marcus stated that he felt tools such as Core and Metasploit had no usefulness in pen test. He emphasised that a design review and vulnerability scanning should be enough. While I may have misunderstood his statements and I do agree design/config reviews and vulnerability scanning needs to be the first and second step of any regular review, pen test, etc... I completely disagree on his comments on using such aforementioned tools in conjunction with products such as Nessus. i.e. Nessus is not going to tell me if my blackberry user is connecting to free wifi and is vulnerable to Karma, etc.. Thoughts, comments, opinions? Interested in what the viewpoint of the broad background of pauldotcom listeners! Or maybe someone can clarify his comments for me. Tim _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- ______________________________________ Jack Daniel, Reluctant CISSP http://blog.uncommonsensesecurity.com http://www.linkedin.com/in/jackadaniel
Current thread:
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Bugbear (Oct 29)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Jack Daniel (Oct 29)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Arch Angel (Oct 29)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Arch Angel (Oct 29)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Jack Daniel (Oct 29)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? PJ McGarvey (Oct 29)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Paul Asadoorian (Oct 30)
- Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions? Jack Daniel (Oct 29)