Security Basics mailing list archives
Re: Vuln Scan vs. Pen Test -- WAS: Re: Penetration testing books
From: HITESH PATEL <hitesh50 () yahoo com>
Date: Fri, 2 Jan 2009 09:45:19 -0800 (PST)
my personal view is:

- security test that just uses signature-based scanning engines is "vulnerability scanning"
- security test that uses such scanners as a starting point and takes it further for manual testing from that point is "penetration testing"

again this is my personal view

-HP

----- Original Message ----
From: Rodrigo Gutierrez <replugge () gmail com>
To: security-basics () securityfocus com; Jon.Kibler () aset com
Sent: Friday, January 2, 2009 7:31:56 AM
Subject: Re: Vuln Scan vs. Pen Test -- WAS: Re: Penetration testing books

Jon,

I will have to disagree with you, since I believe Nessus and other scanners are a part of the penetration test, since these scanners are used in the information gathering process of the penetration test. Based on the information you get from these apps, you decide which vulnerability you are going to exploit in order to gain access. I mean you won't reinvent the wheel: before you share your latest 0day on someone else's honeypot, you first make sure that the well-known tools are not able to find anything.

I agree that a lot of conslutants dump the reports of a vulnerability scanner into a document, and bill more than the vulnerability scanner licence price for their "service" of writing the network address in a field and making a click on the "scan" button. But what can you do, when most of the people ordering these services don't have a clue about network security or how it is done...

I used to take the time to educate my customers, tell them what they should expect and how the process is done. Now that I'm no longer a consultant, some of them still call me and tell me how that information has been useful and how many crappy conslutants are out there. Doing a good job with a transparent methodology and well-documented reports will always make the difference between a good and a crappy conslutant.

Kind Regards
--
_____________________________
Rodrigo Gutiérrez Burgos
ITC Systems & Security Architect
_____________________________
Current thread:
- Re: Vuln Scan vs. Pen Test -- WAS: Re: Penetration testing books Rodrigo Gutierrez (Jan 02)
- Re: Vuln Scan vs. Pen Test -- WAS: Re: Penetration testing books HITESH PATEL (Jan 05)