Penetration Testing mailing list archives
Re: Vulnerability vs. Pen test
From: bartlettNSF <bartlettNSF () comcast net>
Date: Mon, 27 Apr 2009 00:14:30 -0400
James Lay wrote:
> So part of PCI DSS requirements are for a quarterly vulnerability assessment, and a yearly pentest. My question is: is Nessus considered just a vulnerability scanning app? Thanks. James
>
> Thanks for all the feedback on this. Guess my next question then is what type of apps does one use to pen test Windows boxes and routers and switches? I've seen a lot of SQL pen test and web pen test stuff here, but not much for the Windows and router/switches. Thanks again all. James
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
> Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.
> http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
> ------------------------------------------------------------------------

I personally use Backtrack3 for a lot of my testing. Backtrack4 is not currently in its finished stage. I'm waiting for that to happen. I've currently started using Davix after seeing it here on the list. Although Davix is more of an analysis (graphing) tool, it does have uses outside the norm. I'm still playing with it though.
On a side note, I'm attempting to export the snort .sh install from the Backtrack disk. I'm not as much of a Linux/OpenSource guru as I wish to be, so I'm having trouble with it. Once I have completed this task I will send a fresh and detailed document describing the procedure. I can, of course, install it as I would normally do with any IDS. I just want a faster way to recoup any lost abilities if one of my sensors goes down.