Penetration Testing mailing list archives
Re: [PEN-TEST] Cost of Penetration Testing
From: H Carvey <keydet89 () YAHOO COM>
Date: Tue, 12 Sep 2000 16:45:37 -0000
Rather than asking for more information, I'd like to suggest that you take a different approach to what you're doing....

First of all, what policies do you have available? Any overall corporate vision or guidance regarding information security or the protection of information assets? A good information security plan relies on the foundation provided by policies. What procedures, processes, and standards do you have in place? Do you have configuration standards for servers? How about a documented process for rolling out changes to either the servers, or the web content? What monitoring do you currently have in place? What logs are being kept, and what's being done with them?

I would suggest to you that perhaps an internal, cooperative vulnerability assessment is more in order. Such an activity will reveal much more information than a penetration test...b/c not only will the assessment (or audit, depending upon your terminology) review the current configuration of all network devices...routers, switches, firewalls, web servers, operating systems...but should also include a look at your policies and procedures.

The only real purpose of a penetration test is to test your incident response capability. If you're looking for some sort of verification of your "hackerproofness", don't go with a penetration test...very few companies do them right. What you'll get is a determination of how resistant you are to script kiddies, followed by the recommendation that you get an internal vulnerability audit.

Carv