• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

Pen Testing - I'm looking for a tool(s) to help automate the information gathering component of BB testing.

I was hoping I could get some direction on automating the manual processes during the information gathering phase.  
0
fly-fast
Asked:
fly-fast
  • 2
1 Solution
 
PowerITCommented:
Use Nessus from Tenable: http://www.nessus.org/nessus/
And you can use it for free, the only catch is that in the free version new plugins are delayed by 7 days.

J.
0
 
fly-fastAuthor Commented:
Ya I hear you Power...  But, I'm looking for a mechanism to automate the more mundane tasks of a pen test.

Have you automated?  Mind posting one of your reports without client data?  I'm looking to get a feel on how others format... etc..  
0
 
PowerITCommented:
fly-fast, no we haven't. Why? Because a pen test just gives a lat of technical gibberish which has to be interpreted to determine the risk level and be translated to something which is understandable by management. And I don't see this happening automatically in the future. IT Sec consultants still have to earn their pay ;-)
So, I don't believe in it, except for structural and continuous basic testing and reporting. I would not call this penetration testing, rather automated vulnerability assessment.
There is an interesting article on this at SANS: http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
It is only one of the possible security layers.
If you need some such a tool: Core Security has their Core Impact product: http://www.coresecurity.com/
This is also described in the SANS article.
But don't put all your trust in such tools. There is still a lot of manual (and brain) work to be done.

J.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now