Penetration Testing mailing list archives

Re: Security Audit


From: H C <keydet89 () yahoo com>
Date: Wed, 12 Sep 2001 17:49:38 -0700 (PDT)

For the most part, I agree with Ben's comments.  For
completeness, a system can be as secure as possible if
a vulnerability assessment of that system is
conducted, and that information is then used to launch
a "full disclosure pen-test" or perhaps more
appropriately, a "verification analysis".

However, like anything else, this is only a snapshot
of the system in time.  We then get into the change
control/management process, and where verification
testing fits in such a process.

But any "analysis" process should include external
verification - i.e. that the box is doing what you
told it to do, right?

This is quite distinct from the traditional pen-test
in that it isn't blind.

I think that to create the most secure system
possible, blind pen-testing is a waste of time - 



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

