Security Basics mailing list archives
External Pen Test / Manual Exploitation
From: Jason Burzenski <jburzenski () americanhm com>
Date: Mon, 22 Sep 2003 09:35:40 -0400
I am in the process of reviewing a proposal for external penetration testing from a vendor. One of the phases of the pen test includes a manual exploitation of vulnerabilities discovered using automated scans. The text makes mention of specially crafted commands or code and the use of modified open source tools. Is this a normal part of an external penetration test? According to the break down of phases, they will use automated tools, then verify the results using manual means to reduce false positives. Why the need for additional manual exploitation? This seems to pose unnecessary risk to my network services. Jason Burzenski --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- External Pen Test / Manual Exploitation Jason Burzenski (Sep 22)
- Re: External Pen Test / Manual Exploitation Ian Kelly (Sep 22)
- Re: External Pen Test / Manual Exploitation James Fields (Sep 22)
- Re: External Pen Test / Manual Exploitation port530 (Sep 23)
- <Possible follow-ups>
- Re: External Pen Test / Manual Exploitation Muhammad Faisal Rauf Danka (Sep 23)