fergal — 2012-08-06T14:05:32-04:00 — #1
I'm considering downloading and learning how to use MetaSploit to identify security vulnerabilities in my own websites. Have you experience of using this application? Would you recommend it for this purpose?
If you believe MetaSploit is not the best tool for this job, is there anything else you would recommend?
dklynn — 2012-08-07T08:02:20-04:00 — #2
As I've mentioned to you before, if you "attack" your own (hosted) website, you are violating laws enacted around the world. If you want to "play" with these tools, do so ONLY on a virtual machine on your own computer OR you'll end up in jail.
Tools? Load your Virtual machine with BackTrack (which includes a Linux OS) and attack your own computer (or another virtual machine).
eastcoast — 2012-08-07T18:46:04-04:00 — #3
The problem with this approach is that it can give you a false sense of security. You should start with best practices in development, maintaining a regime of server and application security updates, and personal account and data security, rather than hoping to catch weakness after the fact. Metasploit can be a useful tool, but shouldn't be mistaken as a total solution to site security.
fergal — 2012-08-10T13:39:23-04:00 — #4
Thanks for the helpful replies.
EastCoast I'm just starting to learn about this area and that's the direction I'm leaning towards, thanks for that.