Dailydave mailing list archives
Re: RE: Network Exploitation Tools aka ExploitationEngines
From: Matt Hargett <matt () use net>
Date: Mon, 06 Sep 2004 10:04:04 +0000
Dave Aitel wrote:
On Sun, 2004-09-05 at 06:24, Matt Hargett wrote:Clement Dupuis wrote:Ask both vendors for a demo. See for yourself, try it yourself, that's probably the best way to find out which one better fill your needs.This is what I always tell prospects who ask me about BugScan versus some other solution. They seem to appreciate the lack of negativity and dick-waving from our side, so far. (Though they apparantly can't say the same for some of the other players in the market.)Does Immunity and CORE play that nicely? Or does one spread FUD about the other?
Honestly, though, it'd be hard for me to spread FUD, cause the last time I saw their product was at G-Con when Gera did a short demo, so everything I know about it is here-say or based off marketing material on their web page.
Customers can be the best source of info since they eval lots of stuff, in my experience.
Who are some of the other players in the BugScan market? @stake SRA?
There's a bunch playing in the same sandbox now. KLOCwork, Fortify, Coverity, Ounce Labs, Parasoft, @stake, etc, etc. We're consistently winning over them when going head to head in accounts so far, but it'll be interesting once things start to really heat up. I originally thought that since this is not a new market, but just picking up where the blackbox companies left off, that the market would behave as though it were further along. It's seemingly not -- it's acting like a brand new market again, which has advantages and disadvantages.
On a side note, some of the XP/Python weenies say that test-driven development and a suite of unit tests can enforce types, getting the best of both worlds. Anyone have an opinion on this?Sounds nutty - cause the great thing about Python is that you don't care what Type you're using. A duck is something that quacks, and going beyond that is putting on handcuffs when you don't have to. This general concept is why Python is so much faster to use than .Net. I mean, it goes beyond that, into a language that makes broad generalization doable, rather than a huge nightmare the way C++ does. :>
It seems that without some contract you can check for compliance on that you'd have subtle bugs that crop up. Loose typing has always made me nervous, especially when constructing APIs for external use, so this is probably my own prejudice preventing me from understanding. It does seem like doing TDD in Python would give you some of the assurances that type safety also gives. But if speed of coding is all one cares about, then TDD probably isn't something that would come into play in the first place ;>
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: RE: Network Exploitation Tools aka ExploitationEngines Matt Hargett (Sep 05)
- Re: RE: Network Exploitation Tools aka ExploitationEngines Dave Aitel (Sep 05)
- Re: RE: Network Exploitation Tools aka ExploitationEngines Florian Weimer (Sep 05)
- Re: RE: Network Exploitation Tools aka ExploitationEngines Matt Hargett (Sep 06)
- RE: Network Exploitation Tools aka ExploitationEngines; Re: Matt Hargett (Sep 07)
- Re: RE: Network Exploitation Tools aka ExploitationEngines; Re: Kurt Seifried (Sep 07)
- RE: Network Exploitation Tools aka ExploitationEngines; Re:; Re: Kurt Seifried (Sep 09)
- Re: RE: Network Exploitation Tools aka ExploitationEngines; Re: esos03a (Sep 09)
- RE: Network Exploitation Tools aka ExploitationEngines; Re: Dave Aitel (Sep 10)
- Re: RE: Network Exploitation Tools aka ExploitationEngines Dave Aitel (Sep 05)