8 penetration testing tools that will do the job


If the probability of your assets being prodded by attackers foreign and domestic doesn’t scare the bejesus out of you, don’t read this article. If you’re operating in the same realm of reality as the rest of us, here’s your shot at redemption via some solid preventive pen testing advice from a genuine pro.

CSO speaks with pen test tool designer/programmer/aficionado, Evan Saez, Cyber Threat Intelligence Analyst, LIFARS, about the latest and greatest of these tools and how to apply them.

Available pen test tools

The pen test tools for this discussion are Metasploit, the Nessus Vulnerability Scanner, Nmap, Burp Suite, OWASP ZAP, SQLmap, Kali Linux, and Jawfish (Evan Saez is a developer on the Jawfish project). These tools are key to securing your enterprise because these are the same kinds of tools that attackers use. If you don’t find your holes and seal them, they will exploit them.

[ ALSO ON CSO: Pen testing tool or exploit? 6 samples of ways hackers get in ]

Metasploit is a framework with a large programmer fan base that adds custom modules, test tools that test for weaknesses in operating systems and applications. People release these custom modules on GitHub and Bitbucket. Bitbucket, like GitHub is an online repository for coding projects. “Metasploit is the most popular pen test tool,” says Saez.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon