Penetration Testing mailing list archives
Re: Need help in making penetration testing tool
From: baumgartner () oneconsult com
Date: Sun, 11 Jun 2006 15:13:27 +0200
Hi, Your idea of combining several functionalities is not so new. So called vulnerability management tools and systems (e.g. SkyBox) combine assessment tools like vulnerability scanners (e.g. Nessus, GFI Languard, Retina), port and network scanners (e.g. Nmap) with security patching funcionality. But the idea, to combine pen test tools with intrusion detection and prevention is knew (as far as I know). But I would not combine such functionalities because pen testing and IPS are following different approaches. A pen test searches for all (technical) security weaknesses and flaws in the target systems (configuration, firmware, os, applications, services in use, patching level, etc.). An IDP/IPS analyses the network traffic based on patterns. I would recommend to take a look at the open source tools nmap (www.nmap.org), nessus (www.nessus.org) and snort (www.snort.org) to have an idea of the complexity of state of the art security scanners and ids/ids. Maybe you might code a control cockpit for (open source) security scanners and idp/ips. Regards, Christoph Baumgartner
-- OneConsult GmbH IT Security & Strategic Consulting Christoph Baumgartner lic. oec. publ., OPSTCEO
Zürcherstrasse 73, 8800 Thalwil, Switzerland Tel.: +41 43 443 52 52 - Fax: +41 43 443 52 62baumgartner () oneconsult com - www.oneconsult.com
mh_omair () yahoo com writes:
HEllo;By the way l I am new to this list.... iam final year student of computer science...my final year project is a penetration testing tool.. actually we are trying to merge capabilites of both pen test tool and IPS(not just providing testing but remedies too).. i donot know if i am thinking in wrong way....I donot know where to start...please tell me some suggestion and resources that can help me in my project...right now i need good basics and then advance concept... i believe if i can pentrate a system than it would be easy to close that doors for others.Waiting for poistive response.....------------------------------------------------------------------------------This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Need help in making penetration testing tool mh_omair (Jun 10)
- Re: Need help in making penetration testing tool[Scanned] Davie Elliott - Eluse (Jun 12)
- Re: Need help in making penetration testing tool baumgartner (Jun 12)
- Re: Need help in making penetration testing tool killy (Jun 14)
- RE: Need help in making penetration testing tool Adam Morey (Jun 16)
- <Possible follow-ups>
- Re: Need help in making penetration testing tool anonymous (Jun 12)