This chapter introduces automated attacked and penetration tools and delves into the topics of vulnerabilities, risk, and exploits. A vulnerability is nothing more that a weakness in the computer software or design of the system. Software vulnerabilities typically result from coding errors, bugs, and design flaws.

Security professionals spend a lot of their time on vulnerabilities, but that doesn't mean that all vulnerabilities are always addressed and corrected. Consider, for instance, the analogy of a defective car. Years ago, my brother was given a Ford Pinto for a graduation present. While pleased at the time, my family soon discovered that this car was subject to explosion if hit from the rear. This defect in the design forced Ford Motor Company to recall all these cars and remove them from the market. Compare this to buying a piece of software, only later to find that the software has a defect in design. What are your options? As you most likely already know, you are at the mercy of the developer to develop a patch or update it. If the software is already a couple of years old, as the case with the 1972 Ford Pinto, the software developer might have decided to no longer support the software, leaving you with the option of continuing to use vulnerable software or spend money on an upgrade.

The concept behind attack and penetration tools is to look at how vulnerable a piece of software, an application, or a networked system is. ...