Penetration Testing mailing list archives
Re: [PEN-TEST] Penetration Testing Ethic
From: Bennett Todd <bet () RAHUL NET>
Date: Wed, 13 Sep 2000 16:44:20 -0400
2000-09-13-12:52:51 Mathew Bevan:
I have always had a problem with companies that not only perform the security audit and make recommendations but perform the fixes as well... Is it not in their interest to leave a few holes here and there so that their report doesnt look so bare when they come back for repeat testing..
Nope. If one organization is both testing and fixing, then they'll have to document why the problem occurred; it'll have to be either something they didn't know about before, or a result of some change made by the customer. If they didn't know about it before, they'll need to be documenting (typically with the URL of the bugtraq announcement) how they came to learn about it since the last scan --- if there's a continuing pattern of stuff that they didn't find in previous scans, that were old news when those scans were made, then they aren't doing their job. -Bennett
Attachment:
_bin
Description:
Current thread:
- Re: [PEN-TEST] Cost of Penetration Testing, (continued)
- Re: [PEN-TEST] Cost of Penetration Testing H Carvey (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Naomi Rubin (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Christopher M. Bergeron (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Deri Jones (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alfred Huger (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Oliver Petruzel (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Jim Miller (Sep 12)
- Re: [PEN-TEST] Cost of Penetration Testing Alexander Sarras (SEA) (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Bennett Todd (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic edison (Sep 13)
- Re: [PEN-TEST] Penetration Testing Ethic Teicher, Mark (Sep 13)
- [PEN-TEST] Penetration Testing Ethic Mathew Bevan (Sep 13)