Most penetration testers use many separate tools to get the job done. The problem is that many of the security tools available today do not have formats can allow for the tools to easily communicate directly. This makes automation very difficult. This speech will explain some of ways to fix the problem. We will be releasing several modules that allow for pentesters to integrate the data so that we can work towards automating a large portion of the process so that the pentesters can focus on the difficult aspects of the assessment that can not be automated. All pentests need to focus on performing the tasks that no automated solution can. This will be done integrating the existing tools we will make a large step in that direction.
Mr. Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. In the past, he has spoken at BlackHat, DefCon, ShmooCon, Infosec World, OWASP Boston, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ.