Penetration Testing mailing list archives
Re: Pen Test vs. Health Check
From: danielrm26 <danielrm26 () yahoo com>
Date: Tue, 27 Jan 2004 06:24:07 -0500
I am by no means an expert in this subject, but it seems to me that one major difference between a pen-test and a vulnerability assessment is the pen-test is designed to come from a cracker's perspective, and the tester is encouraged to actually attempt to enter systems using real exploits. In a vulnerability assessment, on the other hand, the touch seems to be lighter -- with the focus being on a report of the various areas that need improvement. An illustration:
Pen-Test Guy: "Look what I could have done to your network." // more inflamitory Vulnerabilty Assessment Guy: "Here are some areas you need to work on." // more academic
In short, pen-tests are more cutting edge and sexier. They are asked for when the company is *very* serious about their security and have a vested interest in knowing what an attacker could potentially do on their network from the outside. I should also note that I think that the pen-test requires quite a bit more skill than a vulnerability assessment. I, for example, could probably do a decent vunlerabilty assessment for a small to medium sized company, but I don't feel my skills are far enough along to do pen-testing yet.
Regards, -danielrm26 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Pen Test vs. Health Check Andy Cuff (Jan 25)
- Re: Pen Test vs. Health Check Nexus (Jan 25)
- RE: Pen Test vs. Health Check Robert E. Lee (Jan 26)
- Re: Pen Test vs. Health Check Ivan Arce (Jan 29)
- RE: Pen Test vs. Health Check Rob Shein (Jan 26)
- Re: Pen Test vs. Health Check danielrm26 (Jan 27)
- Re: Pen Test vs. Health Check Clint Bodungen (Jan 27)
- Re: Pen Test vs. Health Check danielrm26 (Jan 28)
- Re: Pen Test vs. Health Check Clint Bodungen (Jan 28)
- Re: Pen Test vs. Health Check danielrm26 (Jan 27)
- Re: Pen Test vs. Health Check Ivan Arce (Jan 29)
- <Possible follow-ups>
- Re: Pen Test vs. Health Check Don Parker (Jan 26)
- RE: Pen Test vs. Health Check Yvan Boily (Jan 26)
- RE: Pen Test vs. Health Check Thompson, Jimi (Jan 26)