OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re[2]: Penetration Tests

Re[2]: Penetration Tests

Edward Cracknell (edwardsecurIT.net)
Fri, 26 Sep 1997 17:27:06 +0100 (BST)

Darren Reed <darrenrcyber.com.au> wrote:
darrenr >You might even find some older versions of tools such as iss which
are
darrenr >minus the graphical bloating. Hmmm, downloading the trial version of
darrenr >ISS (with the docs) might be worthwhile for reading the docs - what
darrenr >sort of vulnerabilities to expect, etc.
darrenr >

I was very impressed with what I saw from ISS when I downloaded the
latest copy a few weeks ago, but like you say, it's obviously a case of
throwing that net wide enough.

darrenr >I'm not sure that this really answers your question...most of the
tools
darrenr >commercially available are enhanced versions of SATAN - just with
more
darrenr >options put in them. The real intelligence is in the various
subroutines
darrenr >which do the testing and given exploits are fairly easy to obtain, it
darrenr >is certainly possible to expand the utility of SATAN.
darrenr >
darrenr >The $$ question is, how much time do you want to spend doing this
and what
darrenr >that cost will be vs. buying something like ISS to do it for you.
darrenr >

I might well invest in ISS, but isn't it based upon an IP address?,
which means as a portable tool for testing, it's no good!

darrenr >Darren

Thanks for the mail Darren.

Regards

-------------------------------------------------------------
Edward Cracknell
Security Administrator/Author
edwardSecurIT.net
--------- Okay, who put a "stop payment" on my reality check? -----------

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT