We changed our name from IT Central Station: Here's why

Rapid7 Metasploit Questions

Miriam Tover
Content Specialist
PeerSpot (formerly IT Central Station)
Oct 05 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

2 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Oct 05 2021

Hi Everyone,

What do you like most about Rapid7 Metasploit?

Thanks for sharing your thoughts with the community!

5 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Oct 05 2021

Please share with the community what you think needs improvement with Rapid7 Metasploit.

What are its weaknesses? What would you like to see changed in a future version?

4 Answers
Miriam Tover
Content Specialist
PeerSpot (formerly IT Central Station)
Oct 05 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

5 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Oct 05 2021

If you were talking to someone whose organization is considering Rapid7 Metasploit, what would you say?

How would you rate it and why? Any other tips or advice?

5 Answers
Vulnerability Management Questions
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Jan 27 2022

Hi infosec professionals.

What are your top choices of tools to use for mobile penetration testing this year?

Thanks for sharing your knowledge!

2 Answers
ZvikaRonen
Chief Technology Officer at FOSSAware
Jan 26 2022
A developer sabotaged his own open-source libraries, breaking thousands of apps as a protest for commercial companies which make millions from his code and contribute back nothing. What do you think about his act? Is it legitimate since the license of open source is given "as is"? Should he have...
Read More »
ITSecuri7cfdSome call what he did DLC/DRM.  I think he'll suffer from reputation loss and… more »
2 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 29 2021
Hi security professionals, As the majority of you have probably heard, GoDaddy has been hacked again a few days ago. Based on what is already known, what has been done wrong and what can be done better?  Share your thoughts!
Read More »
1 Answer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 22 2021

Hello dear members,

What are the MITRE ATT&CK framework use cases? How can it be integrated/used in an enterprise security strategy?

Jairo Willian PereiraYou can simulate different types of access/attacks using the matrix suggested by… more »
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 22 2021

Hi peers,

What should one include (essential items) into a Service Level Agreement (SLA) when purchasing cloud penetration testing services? 

Jairo Willian PereiraUsually, CSPs provide a list of what is/isn´t presented in their SLA and… more »
3 Answers
Ram-Chenna
User at FD
Oct 08 2021
Hi peers, We have developed an eCommerce system using the Microsoft Technology Stack.  Now, we would like to perform Vulnerability Assessment and Penetration Testing (VAPT) of this system using a comprehensive tool.  Can anyone recommend a tool that (preferably, an open-source one) to perform ...
Read More »
Jairo Willian PereiraYou can start with OpenVAS (an excellent tool during "first steps")… more »
1 Answer
Elsayed Ahmed
CIO at AIMS
Nov 24 2021

Hi cybersecurity professionals,

I'm looking for your recommendations about penetration testing tools for SMB/SME. 

What would be your choice? Please share a technical description of why would you choose this tool over others.

Thanks in advance.

3 Answers
User at DDD

Hi, I'm doing integration between Tenable and ServiceNow and I'm looking for an API for Tenable Connector into ServiceNow.

Does anyone have good recommendations? 

Thank you!

3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi peers, Which automated tools for penetration testing would you recommend to your colleagues working for enterprises?  Please share 1-3 reasons why you like those tools.
Read More »
VishalDhamkeThere are many automated DAST & SAST tools but from my perspective, there is no… more »
John RendyHi Evgeny, There is one automated penetration testing tool that performs way… more »
3 Answers
Jairo Willian Pereira
Information Security Manager at a financial services firm with 5,001-10,000 employees
Nov 06 2021
Does anyone have recommendations about methodologies (e.g. use of FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerability into risks (from Tenable.IO to Archer)?
Read More »
James DirksenYes, take a look at DeepSurface. It’s designed to automate the process. 
Stewart GwynClear use with the NIST compliance framework, Archer IRM 6.9.sp3.p2, use of… more »
2 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Is continuous vulnerability scanning essential? 

Are there other approaches to vulnerability management that do not involve continuous scanning?

George FyffeAs data increasingly moves from on-prem to Public Cloud, we need a complete… more »
Gilbert-KabugiI believe vulnerability scanning is usually a scheduled activity where you can… more »
Jairo Willian PereiraYes, essential*. You can start your program, for example, based on "Internet… more »
6 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)
Aug 21 2021

In the past vulnerability assessment has been the primary approach used to detect cyber threats. 

Risk-based vulnerability management has become increasingly popular. 

How do each of these approaches work, and which do you think is more effective?

DavidGilliesAs soon as a vulnerability assessment is complete, it is obsolete. Your… more »
Nikos ChristakisVulnerabiity Assement is a useful process but it's still a snap-shot of your… more »
Paresh MakwanaYOU are right that earlier vulnerability assessment was very basic and done as… more »
5 Answers
Ariel Lindenfeld
Sr. Director of Community
PeerSpot (formerly IT Central Station)

Let the community know what you think. Share your opinions now!

Fin Nish- Great dashboard - Reporting - Supports multiple formats (PDF, CSV, XML) -… more »
Micheal Iroko-Msc, CISA, CISM, CRISC, COBIT, CEHEnsure compatibility of the vulnerability software to the organization's needs.
5 Answers