http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=213401744 By Kelly Jackson Higgins DarkReading Feb 09, 2009 The Metasploit hacking tool soon will come with services-based features aimed at offloading resource-intensive penetration testing tasks, as well as augmenting the popular open-source software. While this is not a pure software-as-a-services model, the new service-based features are a departure from Metasploit's software-based approach. The goal is to add back-end services, such as an "opcode" database client and a password-cracker to Metasploit, that seamlessly expand the tool's features and resources for its users, says HD Moore, creator of Metasploit. "We want our regular users to be able to take advantage of [such] services transparently," Moore says. While Metasploit's clientele tends to be more technical and research-oriented, adding these back-end services to its pen-testing tool is likely to influence the commercial penetration testing product market as well, security expert say. In this difficult economic climate, back-end services could provide enterprises with a relatively low-cost option for in-house penetration testing. "I could see this as having a very appealing value proposition," says Nick Selby, vice president and research director at The 451 Group. "Immunity and Core could start throwing in services at a very low risk to themselves as vendors and a high value to customers -- especially ones on the fence about whether to bring pen-testing in-house more aggressively" because they're unable to afford outsourcing it or hiring the in-house expertise, he says. Immunity already has such a service in the pipeline, called ImmunitySafe, which it will launch in the third quarter, says Justine Aitel, CEO of Immunity, which sells enterprise-grade penetration testing products. The company already offers consulting-based pen-testing services in addition to its software products. [...] _______________________________________________ Best Selling Security Books & More! http://www.shopinfosecnews.org/Received on Tue Feb 10 2009 - 23:08:14 PST
This archive was generated by hypermail 2.2.0 : Tue Feb 10 2009 - 23:14:13 PST