Beng breached is one of the scariest things that could happen to a security professional. The best strategies to prepare for a situation like this is to actually hack yourself. Whether you hire an external firm to perform a penetration test on your systems or you perform it yourself. It is a best security practice to know completely where you are vulnerable and how to fix it. Below is a short list of the best tools and suites for testing vulnerabilities.
- Burp Suite
- Burp Suite is one of the very best web vulnerability scanners on the market. One of the tools included called Intruder, lets the users initiate full pay load attacks on web sites of their choice. If you had one choice of a well-rounded tool to get and learn, this would be the one.
- For those who do not have the time or resources to work with Burp suite, Acunetix is your next best option. This is a great web vulnerability scanner that automatically scans for SQL injections, Cross-site scripting and other high end vulnerabilities that may leave your websites open to attack or data loss. This tool has many options and is very simple to learn. With the ability to create professional reports to your liking, Acunetix is an industry leader in vulnerability scanning.
- John the Ripper
- One of the classics, John the Ripper is a password cracking tool with a huge library to work with. It is compatible on many systems including Windows and UNIX. An easy tool that is run straight from the Bios, it is a must have for any pen-tester’s arsenal.
- Metasploit is a widely used vulnerability exploitation tool. This is a necessity when executing vulnerabilities found from a web scanner tool. Metasploit also is a great at intrusion detection. Being an anti-forensics suite, this kit comes with several different download options to fit your company’s needs.
- This packet capturing tool is one of the best tools a hacker can have. It is used as a starting point to scan and capture all forms of communication in a certain range. It is a multi-system application that can be operated on both terminal and GUI format. Wireshark is a free open source packet analyzer.
Even if you decide to go with an external Penetration tester, it is beneficial to learn and understand some of the testing techniques. Learning these tools will allow you to double check to make sure the external tester is doing their job correctly. Also when it comes time to remediate the vulnerabilities, you can perform this testing on your own to save on paying for someone else to do it.
These are the top penetration tools in the industry and most of them are free or include a free trail. I highly encourage small business and corporate security professional alike to further their education by adapting Pen-testing suites into their repertoire.