Re: Opinions on ClicktoSecure's Hailstorm Product

From: Bill Pennington (billpat_private)
Date: Thu Sep 27 2001 - 22:38:08 PDT


    I had the pleasure of watching Greg run Hailstorm through its paces and
    was impressed with its abilities even though it was around 1 AM :).
    This is a great R&D/QA tool, it is the closest thing I have seen to an
    automated vulnerability finder. eEye has Retina which is good with its
    attack language but Hailstorm makes it easier to rapidly test a device
    or application.
    
    Having said that I struggle to find good uses for it during a pen test.
    I mean for an application pen test (I am thinking web application here)
    you can rapidly abuse a myriad of URL parameters in a short amount of
    time, this is good (well great IMHO) but we found it a little too
    involved to put in our standard arsenal.
    
    That and some licensing issues (why does money always get in the way??)
    made us decide not to deploy it.
    
    Bottom line though really cool tool that I am sure will get even better.
    Anything that helps developers produce more secure products is great.
    Now if Microsoft would just purchase a ton of copies maybe we could all
    get a few days off...
    
    Security News wrote:
    > 
    > I am currently doing an evaluation of ClicktoSecure's Hailstorm product.
    > Wondering if any of you have used the product, and what your opinions may
    > be.
    > 
    > Thanks
    > 
    > dan
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    
    -- 
    
    
    Bill Pennington - CISSP
    
    



    This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 08:59:37 PDT