Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why Penetration Test?

From: Brahman Thiyagalingham <adsl5rlp () tpg com au>
Date: Sun, 12 Jun 2005 09:19:54 +1000
Hi all,
my take on this situation is that Scenario A will have the most usefulness to the company because it allows them to implement a cost effective security solution based on organisational risk rather than simply putting in something based on the reccomendation of a consultant.
This is my take on the matter and am happy to discuss this further with anyone. 

Regards

Brahman
brahmant () tpg com au

tarunthenut () gmail com wrote:
I was wondering the usefulness of a penetration testing against vulnerability assessment for a company. 
Scenario A
Cosultant "A  is employed to perform a vulnerability assessment and the result is tabulated based on the business risk 
these vulnerabilities pose.

Scenario B
Cosultant "B is employed to perform a Penetration Test, discovers 10 vulnerabilities and is able to show exploit of 5 
vulnerabilities.

Scenario C
Cosultant "C" is employed to perform a Penetration Test, discovers 10 vulnerabilities and is able to show exploit of 7 
vulnerabilities.
Which scenario would have more usefulness to the company? it is ovbious that the result of a PT would depend and vary from skill of a consultant to another?
Previous By Date Next
Previous By Thread Next

Current thread: