full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [Tool Release] TA-Mapper B

[Full-disclosure] [Tool Release] TA-Mapper BETA: Application Pen-Testing Effort Estimator

From: Debasis Mohanty <debasis.mohanty.listmails_at_nospam>
Date: Thu Jan 01 2009 - 17:34:50 GMT
To: <full-disclosure@lists.grok.org.uk>


Happy New Year To All!

Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always has hard time explaining/justifying the efforts charged (or quoted) to their customers can find this tool handy by able to calculate efforts with greater accuracy required for application penetration testing.

I wrote this tool back in 2004 to support some of my freelancing assessment. I was intrigued to write this tool when I was asked by one of my Fortune 100 customer to justify efforts quoted against the activities for a penetration testing assignment. It not just helped me win the project but also help me educate the customer in knowing the activities involved at the micro-level. After making few changes in the tool I thought I have kept it private too long and its right time to share it with the world.

Get it here: http://www.coffeeandsecurity.com/resources/tools/tamapper.aspx

-d



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/