Penetration Testing Software Recommendations

  • We're currently using a 3rd party to do our penetration testing on a quarterly basis and, to be honest, it's expensive. I Googled for penetration testing software (both free and paid for) and there are an insane number of such offerings.

    With that in mind and for those of you doing your own penetration testing, do you have any recommendations that I could check on to narrow down my search a bit?

    Thanks for the help folks.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • Heh... perhaps a better question would be, "Are any of you good folks doing penetration testing of your apps and/or your database servers"?

    --Jeff Moden



  • Jeff Moden (8/23/2015)


    We're currently using a 3rd party to do our penetration testing on a quarterly basis and, to be honest, it's expensive. I Googled for penetration testing software (both free and paid for) and there are an insane number of such offerings.

    With that in mind and for those of you doing your own penetration testing, do you have any recommendations that I could check on to narrow down my search a bit?

    Thanks for the help folks.

    I am not involved directly with the penetration testing here but our switches keep denying everyone after a test. 🙂

    Anyway what I wanted to bring up is, if you are doing certification then would not a 3rd party be needed?

  • I guess it depends. Supposedly, if you can prove how you tested, you can be certified. I personally don't think it's worth the time to do it ourselves. Even with that negative thought on my part and even if we can't certify by doing it ourselves, it would be good and less expensive for us to be able to test to find things and fix them rather than the 3rd party finding them and us getting caught in the small but expensive loop of they find it, we fix it, they test again, oops, we didn't really fix it, we fix it again, wash, rinse, repeat.

    It would be much less expensive if we found it, we fixed it, and there was nothing for them to find.

    --Jeff Moden



  • Understand completely. There is also the "we test, find, fix, then get a certification test from a 3rd party" approach (if needed).
