Hi Troy:

Independent internal and external penetration testing are compliance requirements for some environments subject to the PCI DSS (Payment Card Industry Data Security Standard) and other business or government regulations. It can be very expensive. There are a couple security vendors MSU works with who do this work. I have worked with one of them on penetration testing projects. Please feel free to get in touch to discuss. I'm leaving for the day in a few minutes but I'll be available tomorrow.

If you don't need independent testing, then Backtrack and Metasploit, as suggested by BJ McPhall, are great tools. High learning curves but very powerful.

Gene

--
Gene Willacker, PCI ISA
PCI Compliance Officer
MSU Controller's Office
110 Administration Building
Michigan State University
517-884-4110

On 8/16/2012 1:01 PM, Troy D Murray wrote:
Afternoon everyone,

I'm thinking about doing some penetration testing for our public facing Internet servers and web applications. Just curious if others here on campus have done this type of testing and would be willing to share, either off-list or on-list, feedback or experiences. Who did you use, and how was it, would you recommend them, etc?

Thanks,

Troy Murray
Michigan State University
College of Medicine
Life Science
1355 Bogue St, B-136D
East Lansing, MI 48824
P: 517-432-2760
F: 517-355-7254
RedHat 5 Certified Technician
RedHat 5 Certified Systems Administrator
HL7 V2.6/2.5 Certified Control Specialist