Penetration Testing mailing list archives
Re: Security Audit
From: H C <keydet89 () yahoo com>
Date: Wed, 12 Sep 2001 17:49:38 -0700 (PDT)
For the most part, I agree with Ben's comments. For completeness, a system can be as secure as possible if a vulnerability assessment of that system is conducted, and that information is then used to launch a "full disclosure pen-test" or perhaps more appropriately, a "verification analysis". However, like anything else, this is only a snapshot of the system in time. We then get into the change control/management process, and where verification testing fits in such a process.
But any "analysis" process should include external verification - i.e., that the box is doing what you told it to do, right? This is quite distinct from the traditional pen-test in that it isn't blind. I think that to create the most secure system possible, blind pen-testing is a waste of time -
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/