Page 188 - Hands-On Bug Hunting for Penetration Testers

Other Tools - Chapter 11

Evaluating New Tools: What to Look For


It's critical when you're looking at a new piece of pentesting software to analyze the value it brings to your workflow. It's also critical to ask many of the same questions you'd be asking of an open source, SaaS, or paid app in any other space. Questions should include the following:

- What capabilities does this add to my workflow that I don't already possess?
- How important are these new features? What do I predict their impact being?
- Does this lock me into plans or services or a particular design?
- Does it have a mature CLI?
- How does it perform against known positive cases (in the case of scanners and other detection software)?
- If it's open source, how old is the project? When was the last commit and what's the general frequency of commits? Are there a lot of outstanding issues? Are issues addressed?
- In the case of a free tool, is enough functionality exposed to the free/community user? Or is the bulk of what you need locked behind a paid license or subscription?
- In the case of a paid tool, does it integrate with an outside workflow (incoming and outgoing webhooks, either client libraries in several languages or a RESTful interface)? Or does it lock you into its system?


Some of these questions don't have clear answers, but thinking through them will help you understand the value proposition of any software you're considering adopting.
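The open source questions above (project age, time since the last commit, commit frequency, whether issues get addressed) can be turned into numbers before you decide to adopt a tool. The following is an added example, not code from the book: it computes those maintenance signals from a constructed commit and issue history, and the staleness and closed-ratio thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from statistics import median


def project_health(commit_dates, issues, now):
    """Summarise the maintenance signals the checklist asks about: project age,
    time since the last commit, typical gap between commits, and how many
    reported issues actually get addressed. `issues` is a list of dicts with an
    'opened' datetime and a 'closed' datetime (None if the issue is still open)."""
    commits = sorted(commit_dates)
    gaps = [(b - a).days for a, b in zip(commits, commits[1:])]
    closed = [i for i in issues if i["closed"] is not None]
    time_to_close = [(i["closed"] - i["opened"]).days for i in closed]
    return {
        "age_days": (now - commits[0]).days,
        "days_since_last_commit": (now - commits[-1]).days,
        "median_days_between_commits": median(gaps) if gaps else None,
        "open_issues": len(issues) - len(closed),
        "closed_issue_ratio": len(closed) / len(issues) if issues else None,
        "median_days_to_close": median(time_to_close) if time_to_close else None,
    }


def flag_concerns(health, stale_after_days=180, min_closed_ratio=0.6):
    """Turn the metrics into plain-language concerns. The thresholds are
    assumptions for this example, not values given in the book."""
    concerns = []
    if health["days_since_last_commit"] > stale_after_days:
        concerns.append(f"no commit in {health['days_since_last_commit']} days")
    ratio = health["closed_issue_ratio"]
    if ratio is not None and ratio < min_closed_ratio:
        concerns.append(f"only {ratio:.0%} of issues have been closed")
    return concerns


# Constructed sample history (not a real project): five commits spread over
# roughly two and a half years, and four issues of which two are still open.
BASE = datetime(2021, 1, 1)
SAMPLE_COMMITS = [BASE + timedelta(days=d) for d in (0, 60, 150, 400, 900)]
SAMPLE_ISSUES = [
    {"opened": BASE + timedelta(days=100), "closed": BASE + timedelta(days=130)},
    {"opened": BASE + timedelta(days=500), "closed": None},
    {"opened": BASE + timedelta(days=950), "closed": BASE + timedelta(days=1000)},
    {"opened": BASE + timedelta(days=1100), "closed": None},
]
SAMPLE_NOW = BASE + timedelta(days=1200)  # the date the evaluation is done

if __name__ == "__main__":
    health = project_health(SAMPLE_COMMITS, SAMPLE_ISSUES, SAMPLE_NOW)
    for key, value in health.items():
        print(f"{key}: {value}")
    print("concerns:", flag_concerns(health) or "none")
```

For a real project the same two functions can be fed from `git log --format=%cI` and the issue tracker's export; the point is that "last commit" and "are issues addressed" become numbers you can compare across candidate tools.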


Paid Versus Free Editions: What Makes a Tool Worth It?


Evaluating whether to start paying for a security tool is just an extension of the process of deciding whether to adopt it in the first place, except with more emphasis on relative impact.

Burp Suite Pro is undeniably a useful extension of the community version. You get the scanner, which integrates tightly with Burp's scoping and attack surface mapping features, and advanced manual tools, such as the ability to generate a CSRF from an intercepted HTTP request (which we'll cover later in this chapter), along with other goodies.

