Penetration Testing mailing list archives
RE: Email Pen-testing
From: Chris Hurley <churley () assureddecisions com>
Date: Tue, 23 Mar 2004 10:49:13 -0500 (EST)
On Tue, 23 Mar 2004, James Taylor wrote:
To drift slightly off topic... For me a vulnerability scan has much more value to most companies than a pen test. That is , of course, if you apply the principle that a vuln scan should be performed at each perimeter layer, against all hosts, then assess the risk by taking each vulnerability discovered in the context of the network as a whole.
I agree with the gist of your point, however I am assuming that by "vulnerabillity scan" you are actually referring to a vulnerability assessment. A scan is a valuable part of an assessment, however on it's own it is generally only valuable for identifying signature based vulnerabilities. A full assessment, on the other hand, if conducted thoroughly, can identify areas of potential future exploitation that can be pro-actively addressed. Chris Hurley --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- Email Pen-testing Blake (Mar 21)
- RE: Email Pen-testing Kevin (Mar 22)
- RE: Email Pen-testing R. DuFresne (Mar 22)
- RE: Email Pen-testing Blake Wiedman (Mar 22)
- RE: Email Pen-testing Chuck Herrin (Mar 22)
- RE: Email Pen-testing James Taylor (Mar 23)
- RE: Email Pen-testing Kevin (Mar 23)
- RE: Email Pen-testing Chris Hurley (Mar 23)
- RE: Email Pen-testing AJ Butcher, Information Systems and Computing (Mar 23)
- RE: Email Pen-testing Frank Knobbe (Mar 24)
- Re: Email Pen-testing Michael Richardson (Mar 24)
- RE: Email Pen-testing R. DuFresne (Mar 22)
- RE: Email Pen-testing Kevin (Mar 22)
- RE: Email Pen-testing Rob Shein (Mar 23)
- RE: Email Pen-testing Brad . Murray (Mar 23)
- Re: Email Pen-testing Michael Richardson (Mar 23)
- RE: Email Pen-testing R. DuFresne (Mar 23)