[Discuss] Penetration testing
John Abreau
abreauj at gmail.com
Tue Jun 10 17:01:28 EDT 2014
I recall a rather persuasive argument long ago about penetration testing
that the owner of the network is too close to the problem, and is at risk
of overlooking potential issues that they hadn't already thought of. Hiring
an outside consultant who isn't already familiar with your network was
argued to be much more effective.
Apparently it also tends to be more reassuring for bosses, who often value
the opinions of an outside consultant more than they do those of their own
employees.
On Tue, Jun 10, 2014 at 4:44 PM, Drew Van Zandt <drew.vanzandt at gmail.com>
wrote:
> http://en.wikipedia.org/wiki/SAINT_(software)
>
> Derived from SATAN.
>
> Also handy:
> http://www.openvas.org/
>
>
>
> *Drew Van Zandt Cam # US2010035593 (M:Agapito Acosta) *
>
>
> On Tue, Jun 10, 2014 at 4:38 PM, Chris Wallace <cbwcjw at gmail.com> wrote:
>
> > Well, since I work for "a consulting company" that seems very attractive
> ;)
> >
> > You could try OWASP ZAP, but again that's a little raw.
> >
> >
> > On Tue, Jun 10, 2014 at 4:26 PM, scottmarydavidsam at gmail.com <
> > scottmarydavidsam at gmail.com> wrote:
> >
> > > We need to run security / vulnerability scans against our web server
> and
> > > business application (on the same server), I'm looking for suggestion,
> > pro
> > > and con on scanning tools and any concerns (legal?) around using them.
> > The
> > > tools don't need to be free but should cost less than $1000.
> > >
> > > I'm open to learning to use the tools, I've tried Metasploit, NeXpose
> and
> > > Nmap but I'm not sure I have the time and the output data provided
> seems
> > a
> > > bit raw.
> > >
> > > I'm also looking at Acunetix, they have a cloud based vulnerability
> > > scanner, you get three scans for $810.
> > >
> > > Any help or suggestions other than "hire a consulting company" would be
> > > appreciated we just don't have the budget to do that right now.
> > >
> > > Thanks,
> > > Scott
> > > _______________________________________________
> > > Discuss mailing list
> > > Discuss at blu.org
> > > http://lists.blu.org/mailman/listinfo/discuss
> > >
> >
> >
> >
> > --
> > *Chris Wallace*
> > The Ohio State University | Computer Science and Engineering 2015
> > _______________________________________________
> > Discuss mailing list
> > Discuss at blu.org
> > http://lists.blu.org/mailman/listinfo/discuss
> >
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>
--
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
More information about the Discuss
mailing list