Kali Linux improves penetration testing
Penetration testing is an effective tool for companies of all sizes, across the public and private sector, to assess the security of their critical resources. However, the primary mistake businesses make when it comes to penetration testing is the assumption that all penetration tests are the same.
So says Mati Aharoni, lead trainer and developer at Offensive Security, who will present "Beyond Mr Robot - Kali Linux in the enterprise", at ITWeb Security Summit 2017, to be held from 15 to 19 May, at Vodacom World in Midrand.
Kali Linux is a Debian-based, powerful penetration testing platform used worldwide by security professionals.
"Penetration testing for compliance purposes is far different to penetration testing to identify and eliminate security issues," says Aharoni. "Do you want an assessment that identifies and catalogues as many issues as possible? Or do you want an assessment that is an accurate simulation of a real-world attack by malicious parties? You can't do it all in a single assessment, so you have to identify what your actual goals are."
In terms of what businesses should be doing better, he says investing in ongoing training for their in-house professionals, and the tools necessary to help them, is a great start. "This increases the depth of knowledge in the organisation to better address the real-world security needs the business faces."
He says while he can't speak for the industry as a whole, Kali Linux has changed penetration testing for Offensive Security, and a handful of other penetration testing companies. "Kali Linux provides our penetration testers with a one-stop toolset that works on multiple platforms, devices and architectures - virtual or physical.
"This toolset contains all the necessary items needed for the vast majority of assessments, providing a universal, customisable reference platform. This streamlines our work and helps us spend more time on the assessment, and less time setting up our work environment.
"Kali Linux is the platform of choice offering versatility and accessibility essential for today's security professional. It scales up and down in an enterprise based upon an organisation's needs," he adds.
During his presentation, Aharoni will discuss how Kali Linux can be included in the security lifecycle of organisations with the aim of improving their security posture as a whole.