Friday, April 16, 2010

Where to begin…

There’s a ton of security tools out there.

From the point of view of security consultants (pen-testers to be exact), most of these tools are there to make their job easier, aid them in improving test results and enable them to reduce the time required to perform their tests.

But that’s not how it works in reality...

Lately there so much tools that it’s hard to know what to use;

Some of these tools are obsolete, some contain numerous bugs that prevents their execution from being effective, and some simply don’t justify the time required to execute them. On the other hand, some relatively anonymous tools generate spectacular results and can provide great benefits, but for some unknown reason (that has nothing to do with their quality), do not receive the credit and recognition they deserve.

After several years in the profession, and as an official security tool addict, I have decided to invest some time in sharing my experiences from using these tools, and from time to time, publish detailed benchmarking articles that compare between the various tools features, usability, accuracy, advantages and disadvantages.

In hopes that the community will benefit from this initiative, and in hopes that it will inspire the various tool vendors to compete and improve their tools,

Let the contest begin.