Pen Testing - I'm looking for a tool(s) to help automate the information gathering component of BB testing.

I was hoping I could get some direction on automating the manual processes during the information gathering phase.  
fly-fast Asked:

PowerIT Commented:
Use Nessus from Tenable: http://www.nessus.org/nessus/
And you can use it for free, the only catch is that in the free version new plugins are delayed by 7 days.

J.
fly-fast (Author) Commented:
Ya I hear you Power...  But, I'm looking for a mechanism to automate the more mundane tasks of a pen test.

Have you automated?  Mind posting one of your reports without client data?  I'm looking to get a feel on how others format... etc..  
PowerIT Commented:
fly-fast, no we haven't. Why? Because a pen test just gives a lot of technical gibberish which has to be interpreted to determine the risk level and be translated to something which is understandable by management. And I don't see this happening automatically in the future. IT Sec consultants still have to earn their pay ;-)
So, I don't believe in it, except for structural and continuous basic testing and reporting. I would not call this penetration testing, rather automated vulnerability assessment.
There is an interesting article on this at SANS: http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
It is only one of the possible security layers.
If you need such a tool: Core Security has their Core Impact product: http://www.coresecurity.com/
This is also described in the SANS article.
But don't put all your trust in such tools. There is still a lot of manual (and brain) work to be done.

J.