Penetration Testing mailing list archives

Re: Government Compliance


From: "David J. Bianco" <bianco () jlab org>
Date: Thu, 16 Jun 2005 08:07:43 -0400



Dave wrote:

"... The guidance for penetration testing was reviewed at [department
committee] meeting... penetration testing shall consist of [product
name deleted] vulnerability scans and running [product name deleted]
for cracking passwords... if this has been done AgencyX shall get
credit for penetration testing...."


Of course, I think most of us on this list would agree that this
definition doesn't actually cover penetration testing.  It's more like
what we typically call "vulnerability assessment" (if we're charitable).
However, there are a lot of "penetration testers" who define their job
as indicated above, so it's easy to see where this kind of confusion
comes from.

IMHO, it's probably not worth quitting your job over, but good luck to
you if you do decide to look elsewhere.

        David

