From: Alfred Huger (ah@securityfocus.com)
Date: Wed Apr 10 2002 - 17:42:58 EDT
Hey folks,
Quite some time past there was discussion on this list around commercially
supported and developed Pen-testing tools. At the time no such creature
existed, outside of vulnerability scanners.
CORE Security Techonoligies has actually recently released an end to end
auditing system (or framework system if you will) which addresses a number
of signifigant issues facing people in this field. Issues like
commercially written and supported exploit code, audit trails,
reproducible labour from engagement to engagement etc. The product, CORE
IMPACT, is IMHO worth a very serious look at if your in the business of
penetration testing and risk assessment.
The product allows for everything from maintaining a working audit trail
of engagements to attacking, exploiting and taking control of systems to
proxying and chaining systems in attacks as well as many many other
things. It is so far as I can see one of the most innovative technologies
this industry has seen since pen-testing began to build itself
commercially into it's own inter-industry niche.
I was in both the alpha and beta stages for this product and it left a
very strong impression with me. This list is three years old and I have
never before plugged a single product which should say something on how
impressed I am with it.
You can look at their documentation here:
http://www.core-sdi.com/products/coreimpact/index.php
VP Engineering
SecurityFocus
"Vae Victis"
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT