Penetration Testing mailing list archives
RE: Penetration test of 1 IP address
From: "Sels, Roger" <roger.sels () gov-fbi net>
Date: Thu, 9 Feb 2006 16:38:50 +0100 (CET)
Hey,

I see what you mean, but do we really dispose of enough information to judge whether or not it is ethical to help Edmond? Whether or not it's a sham and his customer is being ripped off? And if so, is that really Edmond's fault?

Maybe, just maybe, Edmond is in a situation we've all been in at some point sooner or later during our careers. You join a company, get bombarded to e.g. the Cisco specialist and a lot of training and coaching and what not gets promised to you. You are highly motivated at proving yourself worthy of this commitment from your employer, and eager to learn you inquire with your trusty old pal Google. And all appropriate mailing lists to the subject at hand. You even get yourself some books and might consider trying to get certified in that domain.

6 months from now, you'll have picked up the skills (or some at least), the company's not going to see the point of furthering your training as "well you've learned it all by yourself, you eager chap" and that's it. Long live Company X's new Cisco Specialist.

But yes, it does suck for his customer but that doesn't necessarily have to reflect badly on Edmond personally. Just on his employer ;-). Possibly on the customer as well for being knowledgeable enough that he needs a security test but not researching who in his area seems really specialised in security testing. (If Edmond's company really was, why did he come to us for help and not "the specialists" internally??)

This said, show me a company that has ALL the experts on board it claims to its customers and I'll show you a VERY surprised face ;-)

I also assume the customer has met Edmond, and he's been honest enough to have stated he has "limited experience".

Kind regards,
Roger

On Thu, February 9, 2006 10:10 am, T0aD said:
> Hello all,
>
> Really I'm a bit surprised to see you guys taking into consideration such questions. I mean, I'm not ok against beginners' questions, that's not the point, there is no guru nor beginners, we are here with different experiences and levels of knowledge (maybe I'm a better cook than aleph one!), but sometimes we have to understand what we're doing when giving away some information to some people.
>
> Here we have some guy, working for some company, having a customer's problem to resolve, that's to say to provide a pentest of an IP address. That is fine. The problem being: where is the precise question? Should we help him to 'automate' some pentest? Should we teach him how to actually do his job? What kind of company is giving its customers such a poor service like assigning an employee with no clue how a pentest could be done?
>
> It's like asking me to make some accounting for a company, I don't have the professional knowledge about it. You really think it would be fair for me to be able to invoice some customers for accounting? In my world, it's definitely not. Do you really want to help such companies to spread and make fake and pretending people richer? Me definitely not.
>
> Nothing against you edmond, don't take it personally but if you are not skilled enough to even start a pentest, refuse it, except if the customer is aware of it and is kind enough to give you money to train yourself, otherwise be aware you're stealing from someone.
>
> I think I was nice enough to get published here, maybe I'm too idealistic or whatever, but at least I wanna know what you think about it or if I'm missing a point somewhere.
>
> Have a nice day.
--
Life is 10 percent what you make it and 90 percent how you take it.
- Irving Berlin