Penetration Testing mailing list archives
Re: Pentest Letter of Achievement/Certificate
From: Tom Van de Wiele <tom.vandewiele () gmail com>
Date: Wed, 13 Jul 2005 09:22:23 +0200
I find the concept of giving someone a certificate for resisting a penetration test very dangerous. Nothing can guarantee that after the test (especially a blind penetration test) all vulnerabilities have been found and identified. What value does your certificate have if another company comes by and finds one more hole? Then you issued a certificate that will only endanger the name and reputation of your company. What is the value then? Because of this, big companies will always have different partners when it comes to the security testing of their infrastructure. my 2 cents Tom -- Tom Van de Wiele, CISSP Security Engineer UNISKILL nv http://www.uniskill.com tom.van.de.wiele {A} uniskill.com On 7/12/05, blowfish 448 <blowfish448 () hotmail com> wrote:
Hi, any of you know if any 'standards' or accepted guidelines exist for a letter or certification of succesfull resistance to Penetration Testing/Vulnerability Assessment. Customers often demand to have a proof delivered by their Penetration Test service provider to show to their partners and customers. The idea of course is not to disclose sensitive information but to briefly describe the environment tested and how - according to which methodologies and the attack vectors tested for. Thanks in advance
Current thread:
- Re: Pentest Letter of Achievement/Certificate, (continued)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 13)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 14)
- Message not available
- GPRS Security dinckan (Jul 14)
- RE: GPRS Security Tonie (Jul 15)
- Re: GPRS Security Ty Bodell (Jul 15)
- Re: GPRS Security Johan Mellberg (Jul 16)
- RE: GPRS Security Sahir Hidayatullah (Jul 19)
- source code audit manoj kumar (Jul 19)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Travis Good (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- RE: Pentest Letter of Achievement/Certificate Paul Fields (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mike Klingler (Jul 15)
- RE: Pentest Letter of Achievement/Certificate Lyal Collins (Jul 15)
- Re: Pentest Letter of Achievement/Certificate Mark Teicher (Jul 13)