Security Basics mailing list archives
Re: Vulnerability Scanning Doesn't Work
From: ArcSighter Elite <arcsighter () gmail com>
Date: Thu, 08 Jan 2009 13:22:07 -0500
Abe Getchell wrote:
> Hey Adriel,
>
> The title and opening paragraph of your blog post are quite misleading and rather reckless. There is definitely a false sense of security that is sold to some organizations by the developers of vulnerability scanning tools, but that is the fault of the purchasing organization (due to a lack of education and unqualified individuals making decisions), not those companies pushing their product. It's a consumer problem, not a technology or process problem, which you seem to describe it as in the bulk of your blog post. Vulnerability scanning tools can have a wonderfully awesome impact on your security posture if they're used in a manner in which they function adequately; as a compliance tool.
>
> While I understand the sales aspect of your blog post, what your customers (and any other organization investigating this type of technology) should understand is that they should not be "using a team of talented hackers for security testing instead of relying on automated vulnerability scanners", but rather "using a team of talented hackers AND vulnerability scanners for security testing and compliance".
>
> See ya,
> Abe
I agree. IMHO, a pen-testers team is a must-use for any penetration testing scenario; they should be experienced people and the matter if they use vuln scanners or not, is of their choice. Vuln scanners are useful, but as I said, as with most tools, the human knowledge is the real factor. When you combine both then you get a pen-test. Honestly.