The Penetration Testing Marketplace in 2010December 1, 2009 – 10:01 AM
Vulnerability assessment vendor Rapid7 has announced the first of a series of steps to integrate its penetration testing and vulnerability assessment scanning products. The first step is a module that allows users of the Metasploit Framework, which Rapid7 acquired in October to natively import NeXpose scanner results and then take automated action against vulnerabilities MSF is capable of attacking.
This is not the forum for a discussion of product news. But the integration, modest as it currently is, speaks to some high level trends in the penetration testing space that I feel are of continuing interest to businesses that currently perform or are considering setting up the capability to perform penetration tests using an internal pen test team.
In a nutshell, users of MSF 3.3.1 console and NeXpose can control the latter from the former, start a scan, import into MSF and cross-reference available exploits to the results of the scan, then automatically exploit the matching vulnerabilities.