I had the pleasure of watching Greg run Hailstorm through its paces and was impressed with it's abilities even though it was around 1 AM :). This is a great R&D/QA tool, it is the closest thing I have seen to an automated vulnerability finder. eEye has Retina which is good with its attack language but Hailstorm makes it easier to rapidly test a device or application. Having said that I struggle to find good uses for it during a pen test. I mean for a application pen test (I am thinking web application here) you can rapidly abuse a myriad on URL parameters in a short amount of time, this is good (well great IMHO) but we found it a little to involved to put in our standard arsenal. That and some licensing issues (why does money always get in the way??) made us decide not to deploy it. Bottom line though really cool tool that I am sure will get even better. Anything that helps developers produce more secure products is great. Now if Microsoft would just purchase a ton of copies maybe we could all get a few days off... Security News wrote: > > I am currently doing an evaluation of ClicktoSecure's Hailstorm product. > Wondering if any of you have used the product, and what your opinions may > be. > > Thanks > > dan > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ -- Bill Pennington - CISSP ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 08:59:37 PDT