Automated penetration testing is finally being taken seriously in the face of complex, multi-layered threats, Rapid7’s CSO HD Moore has said as his company announced a new revision of its open source tool, Metasploit Pro 4.0.

A million lines of code on from 3.0, Metasploit Pro 4.0 offers a raft of improvements, Moore said, including integration with security information and event management (SIEM), and the ability to attack password insecurities in a range of applications including Outlook, WSFTP, CoreFTP, SmartFTP, TotalCommander, BitCoin, Firefox and IE.

It also now supports testing from the Amazon EC2 cloud and as a VMware image.

But a smaller element of the package is perhaps a telling one: the addition of nine SCADA exploits associated with the infamous Stuxnet malware. This is hugely niche but offers a clue as to why such automated testing is becoming popular with customers that might in the past have seen it as a luxury or simply unnecessary.

The SCADA exploits were added at the request of customers, which raises an interesting point about penetration testing systems: they reflect the worries of real customers. In this instance, HD Moore said, companies in sectors affected by SCADA vulnerabilities were using them to test equipment before deployment as a check on manufacturers’ security claims.

The challenge for penetration testing wasn’t just to find specific holes but to look at whole networks, said Moore.

“Organisations looking to reduce data breach risks need smarter and more efficient security risk intelligence,” said Moore. “One way to get this is through frequent, broad-scale penetration testing.
“Penetration testing will show you how the systems inter-operate,” he said.

Moore promised to give away “90 percent” of the code for Metasploit to fulfil its open source philosophy. Rapid7 already offers a cut-down version, Metasploit Express, for those organisations that don’t require the more advanced features or who lack the expertise to deploy it.

Metasploit 4.0 will be available from August.