Penetration Testing mailing list archives
Re: Testing large networks
From: "Davi Ottenheimer" <DaviO () westmarine com>
Date: Mon, 07 Mar 2005 08:45:12 -0800
It helps to be extremely familiar with the organization and understand how they rate/value their assets. That will bridge your vulnerability reports to their strategic view of risk, as well as day-to-day processes. Understanding the relevant compliance and regulatory issues will also help, as you can show that specific vulnerabilities translate into real penalties for non-compliance. In other words, if your client is a hospital, then your investigation and scanning should be at least able to demonstrate familiarity with patient confidentiality, and critical system availability, etc. as well as the Health Insurance Portability and Accountability Act of 1996 (HIPPA)...
Dan Rogers <pentestguy () gmail com> 03/05/05 08:05AM >>>
[...] So how do you lot approach testing a lage network? Also, how do you decide what to report to the client on? Cheers Dan ************************************************************************************************ The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. This email was scanned for viruses, vandals and malicious content. via mail3.westmarine.com *************************************************************************************************
Current thread:
- Testing large networks Dan Rogers (Mar 07)
- Re: Testing large networks Matthew Caston (Mar 07)
- RE: Testing large networks Randy Golly (Mar 07)
- Re: Testing large networks Anders Thulin (Mar 08)
- <Possible follow-ups>
- Re: Testing large networks Davi Ottenheimer (Mar 07)
- RE: Testing large networks Piskovatskov, Alexey (Mar 07)
- Re: Testing large networks Dhruv Soi (Mar 08)