Penetration Testing mailing list archives

RE: Email Pen-testing


From: Chris Hurley <churley () assureddecisions com>
Date: Tue, 23 Mar 2004 10:49:13 -0500 (EST)



On Tue, 23 Mar 2004, James Taylor wrote:


To drift slightly off topic... For me a vulnerability scan has much more value
to most companies than a pen test.  That is, of course, if you apply the
principle that a vuln scan should be performed at each perimeter layer, against
all hosts, then assess the risk by taking each vulnerability discovered in the
context of the network as a whole.


I agree with the gist of your point, however I am assuming that by
"vulnerability scan" you are actually referring to a vulnerability
assessment.  A scan is a valuable part of an assessment, however on its
own it is generally only valuable for identifying signature-based
vulnerabilities.  A full assessment, on the other hand, if conducted
thoroughly, can identify areas of potential future exploitation that can
be pro-actively addressed.

Chris Hurley
