[Dailydave] Defending the honor of...penetration testing tools
Anton Chuvakin
anton at chuvakin.org
Tue Feb 12 20:54:38 EST 2013
On Tue, Feb 12, 2013 at 9:50 PM, Dave Aitel <dave at immunityinc.com> wrote:
> So as you can see below, I'll be at RSA asking Andrew Jaquith why on
> earth he thinks penetration testing tools are evil. To be honest, I have no
> idea. Does that also imply penetration testing is evil, or is he saying
> that penetration testing tools make people lazy and therefore you get better
> penetration tests without them, in which case I'll try to get him to write
> his future papers without a keyboard or something.
>
Well, I can't say why he thinks they are evil, but I often thought that
their NAME is. Often, when I hear people say "penetration testing tools"
they *automatically* assume that "running that tool == penetration test."
After all, "X tool" in many minds means "tool that does X." Penetration
tools, last time I checked, don't DO penetration testing. Humans do. You
can insert all the jokes about stupid people and all, but this sentiment is
very, very contagious.
Therefore I often avoided naming them in my work and instead used
some kludge like "exploitation tools", or (please don't laugh) "tools
[somewhat] helpful during penetration testing."
--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin