igor - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is the Pwn Phone an effective enterprise security testing tool?

The Pwn Phone can reportedly detect network vulnerabilities instantly, but its use in the enterprise is questionable. Kevin Beaver explains.

The Android-based Pwn Phone can allegedly help enterprises detect network vulnerabilities instantaneously. Is there a case for using this in the enterprise, or are there other technologies that could be used?

The Pwn Phone looks like a neat tool; I'll likely put it on my short-list of security testing tools to acquire. I've always believed that your security testing is only as good as the tools you use; imagine a home inspector with a half-baked radon detector, or a surgeon without a means to view what he's going to be (or currently) operating on. The same applies to IT and security professionals; you have to have good tools.

I'm also a firm believer that you get what you pay for. Sure, the Pwn Phone runs many free tools such as Evil AP, SSL Strip, Metasploit and aircrack-ng, but they're in a commercial package that tends to help take the pain and effort out of running these tools all on your own.

That said, any IT or security professional -- both employees and contracted outsiders -- worth his or her salt can walk through any given office, talk to a few people and run some basic vulnerability scans and be able to tell where 80% of the security problems are in the organization. It's the same story, different network; missing patches, weak passwords, gullible users, physical security weaknesses and the like are putting organizations at risk. No fancy tools are needed to figure that stuff out.

Sure, the Pwn Phone looks powerful, but it's a novelty. I do believe that it'll be great for niche testing once you've already used more traditional tools such as desktop/laptop-based vulnerability scanners, network analyzers and password crackers.

In the end, if the Pwn Phone is all you use, you're ahead of the curve as many businesses still aren't doing any testing at all.

Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your questions now via email! (All questions are anonymous.)

Next Steps

Don't miss SearchSecurity's latest articles on vulnerability scanning.

This was last published in September 2014

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Do you think the Pwn Phone would be a viable enterprise security testing tool? Why?