How to fit tools in a Vulnerability Assessment & Penetration Testing?

When we were attending conferences on IT security, we usually asked and learned many things.
Here is one of my questions regarding VA/PT to an expert in IT security. I hope you like it and learn from it too, because sharing is caring (it's time to share now).

Student:

How to fit tools in a VA/PT?
On behalf of learners, I would like to ask one question, so that beginners can also understand the first basics of penetration testing.
In most cases, students who attend hacking workshops or classes have a basic understanding of a few security tools. Typically students have used a port scanner, Wireshark, Metasploit, etc. Unfortunately, most beginners do not understand how these tools fit into the PT, which may leave beginners with incomplete knowledge, or a lack of knowledge.

So, according to an expert in penetration testing, what is the best way to fit such tools in a manner that will define one kind of framework of penetration testing officially?
(Just like one cycle of PT I read about: (A) Reco -> Scanning -> Exploitation -> Maintaining Access -> (A))

IT Security Expert:
Not an expert – but from my viewpoint, VA/PT is not just about tools. A training should include the following:

  • Why do we do VA/PT?
  • VA/PT process and framework (which is not just about tools)

The main problem is that these are generally the theoretical part of the trainings, and most of the students are not interested in the theory. Most of the beginners are interested in the “exploit” or “shell” part of it.

As part of the trainings, the tools should be covered in such a way that the students should know:

  • Why do we need to use a tool?
  • Which tool to use?
  • When to use a particular tool?
  • What information should be gathered or collected?
  • How to use the tool? (Various options and parameters)
  • Advantages and Disadvantages of using tools
  • How to create your own custom tools, etc.

To summarize, a good VA/PT training should balance both the theory and practical hands-on equally, and at the same time give importance to the technical and management side of VA/PT.

(Thanks, Manu Zacharia, for such beautiful guidance on IT security.)

One thought on “How to fit tools in a Vulnerability Assessment & Penetration Testing?”

  1. Thanks for the marvelous posting! I actually enjoyed reading it, you are a great
    author. I will always bookmark your blog and definitely will come back later
    on. I want to encourage that you continue your great posts,
    have a nice evening!
