Penetration Testing mailing list archives
RE: Pen Test vs. Health Check
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 26 Jan 2004 14:45:24 -0500
A Pen Test is only as good as the testers and is only a snapshot. However, a network that has been secured from the inside out, with a solid secure foundation should stand the test of time, even if it is compromised the attacker may not be able to roam freely and all their actions should be recorded.
There's another factor, which is the way that a pen-tester becomes engaged by a weak point. In an assessment, a vulnerability is noted, and the tester moves on, but in a pen-test, they engage that vulnerability, and follow it like the beginning of a path into the network. Later, they can go back to the starting point and find another path, but it's still like trying to map the paths through the woods on foot; it's possible to miss one. On the other hand, an assessment is more like mapping them from a low-flying aircraft. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Pen Test vs. Health Check Andy Cuff (Jan 25)
- Re: Pen Test vs. Health Check Nexus (Jan 25)
- RE: Pen Test vs. Health Check Robert E. Lee (Jan 26)
- Re: Pen Test vs. Health Check Ivan Arce (Jan 29)
- RE: Pen Test vs. Health Check Rob Shein (Jan 26)
- Re: Pen Test vs. Health Check danielrm26 (Jan 27)
- Re: Pen Test vs. Health Check Clint Bodungen (Jan 27)
- Re: Pen Test vs. Health Check danielrm26 (Jan 28)
- Re: Pen Test vs. Health Check Clint Bodungen (Jan 28)
- Re: Pen Test vs. Health Check danielrm26 (Jan 27)
- Re: Pen Test vs. Health Check Ivan Arce (Jan 29)
- <Possible follow-ups>
- Re: Pen Test vs. Health Check Don Parker (Jan 26)
- RE: Pen Test vs. Health Check Yvan Boily (Jan 26)
- RE: Pen Test vs. Health Check Thompson, Jimi (Jan 26)