Penetration Testing mailing list archives

Re: Is Pentesting Goal Oriented, or Coverage Oriented?


From: "Kevin L. Shaw, CISSP, GCIH" <kshaw () eeenterprisesinc com>
Date: Mon, 05 Oct 2009 06:35:23 -0400

Your argument is correct in that it assesses vulnerabilities; however, the market/customers I have encountered, both commercial and civilian government, consider a vulnerability assessment much less intrusive than any penetration and insist on knowing which scanner you are using (i.e. Nessus, Retina). There is much more speculation and no demonstrating a "found vulnerability" as susceptible to privileged access.
