Immunity, a company already well known for making pen testing easy, has released a new tool to make writing exploits near-automatic. Immunity released the tool, called Debugger, here at the Defcon hackers convention on Aug. 3. Debugger is free to download; its revenue comes from paid ads placed by companies looking to hire the pen testers who use such a tool. Among the first companies to take out a help-wanted ad is Application Security.
Debugger comes with what Immunity says is the industry's first heap analysis tool built specifically for heap creation. It also sports a large Python API for easy extensibility and has function graphing as part of its user interface. Immunity is claiming that Debugger will cut exploit development time by 50 percent.
Not everybody's happy to hear that. "They've got a good development community," said Dave Marcus, security research and communications manager at McAfee's Avert Labs, in an interview with eWEEK at Defcon. "But I look at it from the other side of house: What does this mean to the computing public?"
What it means is more zero days, Marcus said. "And that's certainly not a good thing. I think you'll see a spike in zero days, and contributions to the zero-day initiative, because it makes it easier to find vulnerabilities. You're making the job easier.