Penetration Testing mailing list archives

Re: Opinions on ClicktoSecure's Hailstorm Product


From: Bill Pennington <billp () boarder org>
Date: Thu, 27 Sep 2001 22:38:08 -0700

I had the pleasure of watching Greg run Hailstorm through its paces and
was impressed with its abilities even though it was around 1 AM :).
This is a great R&D/QA tool, it is the closest thing I have seen to an
automated vulnerability finder. eEye has Retina which is good with its
attack language but Hailstorm makes it easier to rapidly test a device
or application.

Having said that I struggle to find good uses for it during a pen test.
I mean for an application pen test (I am thinking web application here)
you can rapidly abuse a myriad of URL parameters in a short amount of
time, this is good (well great IMHO) but we found it a little too
involved to put in our standard arsenal.

That and some licensing issues (why does money always get in the way??)
made us decide not to deploy it.

Bottom line though really cool tool that I am sure will get even better.
Anything that helps developers produce more secure products is great.
Now if Microsoft would just purchase a ton of copies maybe we could all
get a few days off...

Security News wrote:

I am currently doing an evaluation of ClicktoSecure's Hailstorm product.
Wondering if any of you have used the product, and what your opinions may
be.

Thanks

dan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

-- 


Bill Pennington - CISSP
