On Tue, Feb 12, 2013 at 9:50 PM, Dave Aitel <[email protected]> wrote:
> So as you can see below, I'll be at RSA asking Andrew Jaquith why on
> earth he thinks penetration testing tools are evil. To be honest, I have no
> idea. Does that also imply penetration testing is evil, or is he saying
> that penetration testing tools make people lazy and therefore you get better
> penetration tests without them, in which case I'll try to get him to write
> his future papers without a keyboard or something.
>

Well, I can't say why he thinks they are evil, but I often thought that
their NAME is. Often, when I hear people say "penetration testing tools"
they *automatically* assume that "running that tool == penetration test."
After all, "X tool" in many minds means "tool that does X." Penetration
tools, last time I checked, don't DO penetration testing. Humans do.

You can insert all the jokes about stupid people and all, but this
sentiment is very, very contagious.

Therefore I often avoided naming them in my work and instead used some
kludge like "exploitation tools", or (please don't laugh) "tools [somewhat]
helpful during penetration testing."

--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
