Penetration Testing mailing list archives
Commercial Pen-testing tool
From: Alfred Huger <ah () securityfocus com>
Date: Wed, 10 Apr 2002 15:42:58 -0600 (MDT)
Hey folks, Quite some time past there was discussion on this list around commercially supported and developed Pen-testing tools. At the time no such creature existed, outside of vulnerability scanners. CORE Security Techonoligies has actually recently released an end to end auditing system (or framework system if you will) which addresses a number of signifigant issues facing people in this field. Issues like commercially written and supported exploit code, audit trails, reproducible labour from engagement to engagement etc. The product, CORE IMPACT, is IMHO worth a very serious look at if your in the business of penetration testing and risk assessment. The product allows for everything from maintaining a working audit trail of engagements to attacking, exploiting and taking control of systems to proxying and chaining systems in attacks as well as many many other things. It is so far as I can see one of the most innovative technologies this industry has seen since pen-testing began to build itself commercially into it's own inter-industry niche. I was in both the alpha and beta stages for this product and it left a very strong impression with me. This list is three years old and I have never before plugged a single product which should say something on how impressed I am with it. You can look at their documentation here: http://www.core-sdi.com/products/coreimpact/index.php VP Engineering SecurityFocus "Vae Victis" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Commercial Pen-testing tool Alfred Huger (Apr 10)