Security Basics mailing list archives
RE: Penetration testing report,
From: Walter Lamagna <wlamagna () tenroses com ar>
Date: Mon, 11 Sep 2006 15:45:08 -0300
One thing is penetration testing and another is vulnerability scanning. Sometimes the administrator or manager needs an exploit that exposes the vulnerability to agree to invest time and money in security; without the proof (exploit) they do not give security the importance it deserves.

When you do a penetration test you have to tell the client that some services could go down, you have to agree on a time to do the tests, and you have to have the authorization for this. Vulnerability scanning does have this risk too, but lower.

Thanks
Walter

On Sun, 2006-09-10 at 11:46 +1000, IRM wrote:
> I would argue that in 80% of the cases we found that a vulnerability exists in the system but we couldn't exploit it because there is no public exploit around. What would you do about it? I mean it is easy to say that this code is buggy and to patch it, but whether we can exploit them or not is another thing.
>
> What do you guys think?
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of venkataramanan.as () gmail com
> Sent: Saturday, September 09, 2006 9:55 PM
> To: security-basics () securityfocus com
> Subject: Re: Penetration testing report,
>
> John,
>
> Scanning and patch assessment is just vulnerability assessment. Penetration testing is one step ahead of this, where the vulnerabilities identified in vulnerability assessment are exploited for proof-of-concept.
>
> For a more detailed testing methodology you can refer to the methodology document released by ISECOM (www.isecom.org). This document helps you to some extent to understand what a penetration testing report should contain.
>
> Just my 2c.
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
--
Walter Lamagna
Ten Roses
Buenos Aires
+54.11.4372.2250/2949 Ext.31
Current thread:
- Re: Penetration testing report, farhaanshaikh (Sep 09)
- <Possible follow-ups>
- Re: Penetration testing report, venkataramanan . as (Sep 09)
- RE: Penetration testing report, IRM (Sep 11)
- RE: Penetration testing report, Walter Lamagna (Sep 12)
- RE: Penetration testing report, IRM (Sep 11)