Full Disclosure mailing list archives
Re: Flash that simulates virus scan
From: "Michael Neal Vasquez" <mnv () alumni princeton edu>
Date: Wed, 31 Oct 2007 15:35:30 -0700
It's valid IMO, but also depends on the client expectations. At the outset, the parameters of what's being tested should be well outlined. Some clients prefer purely technical measures for penetration. Others are open to a complete (i.e. SE included) test. Obviously a better choice, but I always had 2 goals in the complete test: A) Purely technical intrusion & B) Intrusion via SE. Cover your bases, open their eyes. Show them a) the need for vigilant employee training and security awareness programs, and b) that their infrastructure has its own stand-alone holes as well.... On 10/31/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Wed, 31 Oct 2007 16:56:20 CDT, reepex said:resulting to se in a pen test cuz you cant break any of the actualmachines? Lots of *actual* compromises happen the same exact way - resorting to SE. As such, if a pen test doesn't cover the same territory, it's incomplete. "Yes, your house is secure - we checked all the doors and they're up to snuff. We however didn't check if you'll open the door *anyhow* if the landshark on the other side says 'Landshark', leading to everybody getting eaten." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Flash that simulates virus scan Joshua Tagnore (Oct 31)
- Re: Flash that simulates virus scan reepex (Oct 31)
- Re: Flash that simulates virus scan Valdis . Kletnieks (Oct 31)
- Re: Flash that simulates virus scan Michael Neal Vasquez (Oct 31)
- Re: Flash that simulates virus scan jf (Oct 31)
- Re: Flash that simulates virus scan reepex (Oct 31)
- Re: Flash that simulates virus scan scott (Oct 31)
- Re: Flash that simulates virus scan Valdis . Kletnieks (Oct 31)
- Re: Flash that simulates virus scan reepex (Oct 31)
- Re: Flash that simulates virus scan Dude VanWinkle (Oct 31)
- Re: Flash that simulates virus scan Nick FitzGerald (Oct 31)