Penetration Testing mailing list archives
Re: Using 0days as part of pen-test?
From: Pete Herzog <lists () isecom org>
Date: Thu, 15 Jan 2009 17:27:55 +0100
My point exactly. I agree with you completely. The blackbox model for pen testing is flawed if it is applied to anything not proprietary and completely new.
-pete. Oliver Schad wrote:
I don't understand something: Why should you test a blackbox, why shouldn't you get all informations except user accounts? You don't know the knowledge of all attackers around the world about this specific network. You should assume, there is somebody who knows everything, should you?I mean, why should I choose as a tester a role of an attacker who knows nothing about the network if there is somebody in this world who could attack this network with all knowledge he needs?Regards Oli
Current thread:
- Using 0days as part of pen-test? ArcSighter Elite (Jan 12)
- Re: Using 0days as part of pen-test? Chris Griffin (Jan 13)
- Re: Using 0days as part of pen-test? Pete Herzog (Jan 13)
- Re: Using 0days as part of pen-test? purdy (Jan 14)
- Re: Using 0days as part of pen-test? Oliver Schad (Jan 15)
- Re: Using 0days as part of pen-test? David Howe (Jan 15)
- we are security critics was: Re: Using 0days as part of pen-test? Pete Herzog (Jan 15)
- Re: we are security critics was: Re: Using 0days as part of pen-test? David Howe (Jan 17)
- Re: Using 0days as part of pen-test? purdy (Jan 14)
- Re: Using 0days as part of pen-test? Oliver Schad (Jan 15)
- Re: Using 0days as part of pen-test? Pete Herzog (Jan 17)
- Re: Using 0days as part of pen-test? David Howe (Jan 17)
- Re: Using 0days as part of pen-test? Oliver Schad (Jan 17)
- Re: Using 0days as part of pen-test? David Howe (Jan 20)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)
- Re: Using 0days as part of pen-test? David Howe (Jan 13)