Penetration Testing mailing list archives
Re: Pen Test success rate
From: Zion <zion.den () gmail com>
Date: Thu, 30 Aug 2007 21:01:05 +1000
Hi James, Penetration testing is not about breaking into the systems, but about seeing if it is possible to break, now said that given time every system in the world is breakable. So let us put it that penetration testing is trying to see if it possible to break into the system/network/application in a given time frame using the techniques used by an hacker and then the penetration tester goes a different way that is the penetration tester would document a report about the findings and mitigation steps. So that the identified loopholes can be closed. I would say even if the penetration tester did not break into the system/network/application it was a success. All that you will have to see is that you engage a capable penetration testing team and not someone who would just execute a tool and report the findings. The time frame given to the team to test/break-in is important, it should not be too small that they (penetration testers) cannot do anything nor should it is too big (time is money). Based of how many IP's you are planning to target i would say make a judgmental call about the time. I suggest you engage a experienced penetration tester during the scoping. Hope that was of help Zion James Kelly wrote:
Given this scenario: Red team pen test from the Internet with no information or cooperation from IT staff. What would be a reasonable success rate of breaking in to say at least DMZ machines? Of internal hosts on private network? ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Pen Test success rate James Kelly (Aug 29)
- Re: Pen Test success rate Serg B. (Aug 30)
- Re: Pen Test success rate nnp (Aug 30)
- Re: Pen Test success rate Zion (Aug 30)
- <Possible follow-ups>
- Re: Pen Test success rate jfvanmeter (Aug 30)
- Re: Pen Test success rate krymson (Aug 31)