Penetration Testing mailing list archives
Re: nessus exceptions
From: Stefano Zanero <stefano.zanero () ieee org>
Date: Tue, 10 Aug 2004 18:46:38 +0200
FocusHacks wrote:
Indeed, most pen-testers will disclose what tools they use and the raw output of these tools if you ask. Especially if you let them know before the testing starts, that you'll want this information. It would be sad if your assessment team is doing little more than cleaning up and adding documentation to a nessus scan report. :(
It seems to me that we are mixing up again two VERY different things: vulnerability assessment and pen-testing.
If a pen-testing company just uses nessus it shouldn't be difficult to spot, because nessus is NOT going to give out a pen-test report, in no way :)
So we have to assume that we are talking about VULNERABILITY ASSESSMENT companies... and the question actually is, how many of the "commercial vulnerability scanners" out there are not actually based on Nessus ? :)
Stefano
Current thread:
- nessus exceptions Chris Griffin (Aug 03)
- RE: nessus exceptions Jerry Shenk (Aug 03)
- Re: nessus exceptions Andres Riancho (Aug 03)
- Re: nessus exceptions Jacco Tunnissen (Aug 09)
- Re: nessus exceptions hellNbak (Aug 03)
- Re: nessus exceptions Mr. Rufus Faloofus (Aug 03)
- Re: nessus exceptions FocusHacks (Aug 05)
- Re: nessus exceptions Stefano Zanero (Aug 10)
- Re: nessus exceptions FocusHacks (Aug 05)
- Re: nessus exceptions Paul Johnston (Aug 05)
- RE: nessus exceptions Marc Heuse (Aug 05)
- Re: nessus exceptions DokFLeed.Net (Aug 05)
- RE: nessus exceptions Jerry Shenk (Aug 09)
- RE: nessus exceptions R. DuFresne (Aug 09)
- RE: nessus exceptions Jerry Shenk (Aug 09)
- Re: nessus exceptions Pete Herzog (Aug 05)
- <Possible follow-ups>
- Re: nessus exceptions Chris McNab (Aug 05)
- Re: nessus exceptions H Carvey (Aug 05)
- RE: nessus exceptions Strand, John (Aug 09)