Penetration Testing mailing list archives

Re: Tools to use for Penetration Testing?

From: philip.finn () uscellular com
Date: 11 Sep 2008 14:21:33 -0000

Being a White hat/Hacker is not about the tools any body can take Core impact and exploit a vulnerability that has 
already been written for them.  If you want to be a pen tester you need to understand the exploits themselves and how 
they actually work.  You need to be able to understand machine code so that you can spot a buffer overflow in poorly 
written code.  You should understand sql query language so that you can test for sql injection.  You need to understand 
exactly how network protocols work.  The tools will come with the understanding of these types of technology.  I'm sure 
any number of people on this list can rattle off tools but if you don't understand what the tools are used for then 
they are pointless.

Phil  

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

RE: Tools to use for Penetration Testing?, (continued)
- - - RE: Tools to use for Penetration Testing? Shenk, Jerry A (Sep 13)
    - Re: Tools to use for Penetration Testing? J. Oquendo (Sep 14)
- RE: Tools to use for Penetration Testing? Ardian Silvano (Sep 12)
- Re: Tools to use for Penetration Testing? Thorgul (Sep 12)
- RE: Tools to use for Penetration Testing? Veal, Richard (Sep 12)
- RE: Tools to use for Penetration Testing? Rivest, Philippe (Sep 12)
- Re: Tools to use for Penetration Testing? Todd Haverkos (Sep 12)
- Re: Tools to use for Penetration Testing? Jon Kibler (Sep 12)
- Re: Tools to use for Penetration Testing? Nikhil Wagholikar (Sep 12)
- Tools to use for Penetration Testing? christopher . riley (Sep 12)
- Re: Tools to use for Penetration Testing? philip . finn (Sep 12)