Penetration Testing mailing list archives
RE: Security Audit
From: "Ogle Ron (Rennes)" <OgleR () thmulti com>
Date: Thu, 6 Sep 2001 20:06:46 +0200
Then maybe someone should define what the components are for a standard penetration test, a vulnerability assessment, and a security audit. This document then should be published as a security community approved standard as either an RFC under the IETF or through some other recognized organization.

My .02

Ron Ogle
Thomson multimedia
Rennes, France

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Wednesday, September 05, 2001 9:12 PM
To: Todd Ransom
Cc: pen-test () securityfocus com
Subject: Re: Security Audit

Anyone claiming that their pen test, vuln assessment, or security audit consists merely of running nessus and or nmap and producing a report and final results is a charlatan, and does the security industry a disservice. Yet, I have seen, in practice, both outside consultants, hired guns from the outside and supposedly 'trained' professionals <CISSP!> within the corporate sector do merely this and stamp "certified secure" across organizations.

A "test, assessment, or audit" are more akin to remodeling than new home building, and remodeling, having done lots of it over time, I can safely state, is -=dirty work=-. When you rip open a wall, one is sometimes amazed, as well as disheartened at what they find behind the sheetrock and plaster.

Thanks,
Ron DuFresne