Penetration Testing mailing list archives
Re: Small Network Pen Testing
From: Rocky <pixscreenpoint () gmail com>
Date: Mon, 6 Nov 2006 09:10:36 -0800
I actually used nmap & nessus. The company don't want to hire 3rd party pen-test engineer because of the cost,they have presented a procedure and the cost is US$8,000. What i did is just scanned the whole network for open ports and vulnerablities and locked down the ports that are not need to be open and get nothing but a lap dance hehe. I did internal and external pen test.I actually told them that what i did is only scanning not the real pen-test stuff. Thank you all for replying. Rocky On 11/4/06, Stefano Zanero <s.zanero () securenetwork it> wrote:
Rocky wrote: > they wanted me to pen testing their network and i did 1) it is unethical to pen test a network you designed, because you already know what you will find, you already know the internals, so what kind of "penetration test" are you doing ? > using purely nmap. 2) Selling an nmap scan as a pen test is even worse than unethical. > Is there any simple and precise method for pen testing > small network? This process is composed of 2 steps 1) evaluate if a penetration test is really needed (it sounds as it probably isn't) and then 2) have your customer hire someone else than yourself, who can also in fact do a penetration test Sorry for the bluntness. Stefano
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Small Network Pen Testing Rocky (Nov 03)
- Re: Small Network Pen Testing Stefano Zanero (Nov 04)
- Re: Small Network Pen Testing Rocky (Nov 06)
- <Possible follow-ups>
- RE: Small Network Pen Testing Michael Scheidell (Nov 04)
- Re: Small Network Pen Testing Stefano Zanero (Nov 04)