
Security Tool Reviews

We haven't gone over "advanced hacker tools" in this course historically. The focus has always been on basic technical skills and the tools that can help students learn them, things like IDA, Immunity Debugger, Metasploit, and Burp Proxy. The one thing we're not doing here is training script kiddies.

My views on this changed after a student of mine asked what Nessus was after handing in their final project. I was proud of this at first, really proud of this, but then I realized that this lack of exposure could be a weakness, if only because they might be misled by clever marketing in the future. Taking inspiration from a recurring series of presentations that Erik Cabetas and I put on for OWASP NY/NJ, I now devote the first 15 minutes of each class to honest discussions on security tools and their limitations. Even better, I ask students to research and present them. 

I'll be asking students to post their own slides to this blog each week. If the tool they review is open-source, I'll forward the feedback to the developer so that hopefully the tool can be improved.

If you have suggestions for topics for these presentations, feel free to post them below. I set the pace and did the first one this week on Fortify SCA, which Fortify Software donated for use in the class, and I'll be posting my review later this weekend. Thanks, Fortify!
