Penetration Testing mailing list archives
RE: Email Pen-testing
From: "Reava, Jeffrey" <jeffrey.reava () pfizer com>
Date: Tue, 23 Mar 2004 11:18:13 -0500
Great point. I would also add that at the end of the day, the company being tested has a very practical assessment of whether they are an "easy" or "hard" target, (ideally) based on the full range of attack choices available. It seems though that the bounds of pen testing are defined more in terms of what the company being tested is willing to consider correcting, rather than what the tester is able to exploit.
...You're not looking to resemble reality, and not just because the
reality is a bad bad thing...it's not a level playing field, but that didn't start when the pen-tester notified the company; it started when the company hired them and promised not to prosecute them for breaking in :) ------------------------------------------------------------------------ --- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- RE: Email Pen-testing, (continued)
- RE: Email Pen-testing Mike Sues (Mar 22)
- Re: Email Pen-testing Joe Blatz (Mar 22)
- Re: Email Pen-testing Al Smolkin (Mar 22)
- Re: Email Pen-testing Andreas (Mar 22)
- Re: Email Pen-testing Michael Richardson (Mar 22)
- Re: Email Pen-testing Rainer Duffner (Mar 23)
- Re: Email Pen-testing hwertz (Mar 22)
- RE: Email Pen-testing Reava, Jeffrey (Mar 22)
- RE: Email Pen-testing Eric McCarty (Mar 22)
- FW: Email Pen-testing Intel96 (Mar 22)
- RE: Email Pen-testing Reava, Jeffrey (Mar 23)