
BackTrack is pretty overwhelming at the beginning. Do you have any suggestions on what programs/attacks will give you the most bang-for-your-buck?



I probably wouldn't recommend training team members on Backtrack. Backtrack is a go-to tool for network penetration testers, but if your concern is the security of your code, you're better served with a license for Burp Suite. Much of what's in Backtrack, including Metasploit, is probably not going to be useful in the "we'll need it every time through the dev cycle" sense.


The ones I use the most are:

Wireshark (to analyze traffic coming to and from my website), Metasploit (to make social engineering exploits to make sure my servers aren't vulnerable), Mantra Security Framework, Cisco OCS Mass Scanner (for breaking Cisco routers), SQL Inject, SQL Scanner (both for finding injection errors). If you master these, you can do a lot of cool things with them. Wireshark is your best friend when things aren't over SSL.


Wireshark is just fine when things are over SSL. All you need is the private key. You'd be floored at how lazy some people are with their private keys.


Backtrack is used to install/host Metasploit. If you find Metasploit daunting then you could use Armitage - a GUI interface for Metasploit.



