AOH :: IS1706.HTM

Metasploit Hacking Tool To Add New Services-Based Features




Metasploit Hacking Tool To Add New Services-Based Features
Metasploit Hacking Tool To Add New Services-Based Features



http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=213401744 

By Kelly Jackson Higgins
DarkReading
Feb 09, 2009

The Metasploit hacking tool soon will come with services-based features 
aimed at offloading resource-intensive penetration testing tasks, as 
well as augmenting the popular open-source software.

While this is not a pure software-as-a-services model, the new 
service-based features are a departure from Metasploit's software-based 
approach. The goal is to add back-end services, such as an "opcode" 
database client and a password-cracker to Metasploit, that seamlessly 
expand the tool's features and resources for its users, says HD Moore, 
creator of Metasploit. "We want our regular users to be able to take 
advantage of [such] services transparently," Moore says.

While Metasploit's clientele tends to be more technical and 
research-oriented, adding these back-end services to its pen-testing 
tool is likely to influence the commercial penetration testing product 
market as well, security expert say. In this difficult economic climate, 
back-end services could provide enterprises with a relatively low-cost 
option for in-house penetration testing. "I could see this as having a 
very appealing value proposition," says Nick Selby, vice president and 
research director at The 451 Group. "Immunity and Core could start 
throwing in services at a very low risk to themselves as vendors and a 
high value to customers -- especially ones on the fence about whether to 
bring pen-testing in-house more aggressively" because they're unable to 
afford outsourcing it or hiring the in-house expertise, he says.

Immunity already has such a service in the pipeline, called 
ImmunitySafe, which it will launch in the third quarter, says Justine 
Aitel, CEO of Immunity, which sells enterprise-grade penetration testing 
products. The company already offers consulting-based pen-testing 
services in addition to its software products.

[...]


_______________________________________________      
Best Selling Security Books & More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods