Penetration Testing mailing list archives

Re: nessus exceptions


From: "DokFLeed.Net" <dokfleed () dokfleed net>
Date: Wed, 4 Aug 2004 09:19:29 +0400

This is a very bad practice.
First, it is unethical, coz you actually added a vulnerability to your
company, despite the fact that it's ONLINE, where it can be used by a
non-intended audience :)

What you should do is ask the pen-tester for the remediation reports, and
to use at least 3 different tools (there are 4+ good free tools). If you
are paying them well, then ask for the original commercial report as generated
by the tool. But testing with tools is not enough, so
they have to offer you their methodology and approach in general before they
sign the NDA and you sign the POA
attached to the same contract.

That almost works in all cases.



=========================
----- Original Message -----
From: "Chris Griffin" <cgriffin () dcmindiana com>
To: <pen-test () securityfocus com>
Sent: Monday, August 02, 2004 10:58 PM
Subject: nessus exceptions


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,
I'm trying to find some good holes, that aren't major security issues,
that I can create on a machine to see if our testing company really
uses anything other than nessus.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBDo7EeFLbG0PZdVwRAmaSAJ9gHU7w6vbI9DGKWa7xmUQ31qKSBQCgpcpq
cC69CeYr16OsfuYu6u1oe8U=
=bGZi
-----END PGP SIGNATURE-----




