Security Basics mailing list archives

External Pen Test / Manual Exploitation


From: Jason Burzenski <jburzenski () americanhm com>
Date: Mon, 22 Sep 2003 09:35:40 -0400

I am in the process of reviewing a proposal for external penetration testing
from a vendor.  One of the phases of the pen test includes a manual
exploitation of vulnerabilities discovered using automated scans.  The text
makes mention of specially crafted commands or code and the use of modified
open source tools.  

Is this a normal part of an external penetration test?  According to the
breakdown of phases, they will use automated tools, then verify the results
using manual means to reduce false positives.  Why the need for additional
manual exploitation?  This seems to pose unnecessary risk to my network
services.  

Jason Burzenski
