Penetration Testing mailing list archives
Re: Security Audit
From: "Todd Ransom" <transom () extremelogic com>
Date: Thu, 6 Sep 2001 12:24:20 -0400
Thanks to everyone who replied to my question. I'm looking to start a security consulting practice and this has been very helpful. It seems like the bulk of the job is checking for and possibly exploiting known vulnerabilities. Although I'm sure I will end up doing plenty of this, I'm more interested in auditing architecture/implementation and attempting to exploit currently unknown problems.

Is the market ready for someone to offer this type of service? For example, will the market pay for a consultant to come in and test a web site for cross-site scripting problems? Use of dangerous server side objects (I'm thinking COM objects in ASP script)? Evaluate corporate browser or mail client deployments?

This type of analysis would have to be far more expensive because it would take considerable expertise and possibly large amounts of time. It sounds like a pen test could sometimes include this type of activity.

thanks,
TR

----- Original Message -----
From: "Bill Pennington" <billp () boarder org>
To: "Todd Ransom" <transom () extremelogic com>
Cc: <pen-test () securityfocus com>
Sent: Thursday, September 06, 2001 11:31 AM
Subject: Re: Security Audit
Todd Ransom wrote:
> What is the difference between vuln assessment and pen test?