Saturday, November 1, 2008

I have been listening through the OWASP 2008 session videos recently and some of it is downright scary. I would have to agree with Ed Skoudis, a SANS instructor, who noted in a class I listened through (SEC 504) that this is the Golden Age of Hacking. The OWASP video was talking about a new phishing engine someone was creating. While this could be great for testing, it has a lot of things that would make it a powerful tool in the hands of script kiddies and even those with more experience.

It is kind of like the Metasploit Framework. It is a powerful tool for doing harm on systems, but it can also be used to test your own systems for possible vulnerabilities. I am not a pen tester, so perhaps these tools scare me even more. Still, it is better to know what is out there than to have the only tools circulate with only the bad guys knowing what is going on.


No comments: