Penetration Testing mailing list archives
Re: Why Penetration Test?
From: "Daniel Reynaud-Plantey" <reynaud.danyel () wanadoo fr>
Date: Sat, 11 Jun 2005 10:35:22 +0200
Hello everybody,In my mind a pen-test and a vulnerability assessment address different problems. The vulnerability assessment should help _defining_ the security policy of the company/organisation/association and balancing the risk with the associated cost. On the other hand, a PT should be considered as a check for the _implementation_ of the security policy. *
And of course a PT depends on the skills of the tester, but if he can't break it might have two meanings :
1/ You're reasonably secure. or 2/ You hired a former clown.The PT report should highlight the actions undertaken by the testing team, confirming or not option 2.
Best regards,Daniel Reynaud-Plantey
Current thread:
- Why Penetration Test? tarunthenut (Jun 10)
- Re: Why Penetration Test? Terry Vernon (Jun 10)
- RE: Why Penetration Test? Erin Carroll (Jun 10)
- Re: Why Penetration Test? Brahman Thiyagalingham (Jun 10)
- Re: Why Penetration Test? cbc (Jun 10)
- Re: Why Penetration Test? Daniel Reynaud-Plantey (Jun 11)
- Re: Why Penetration Test? Amit (Jun 12)
- Re: Why Penetration Test? cbc (Jun 10)
- Re: Why Penetration Test? Rob Havelt (Jun 11)
- Re: Why Penetration Test? Petr . Kazil (Jun 11)
- Re: Why Penetration Test? Matt Curtin (Jun 20)
- <Possible follow-ups>
- RE: Why Penetration Test? DUBRAWSKY, IDO (CALLISMA) (Jun 10)
- RE: Why Penetration Test? Tony Tulio (Jun 10)
- Re: Re: Why Penetration Test? tarunthenut (Jun 13)
- Re: Why Penetration Test? Terry Vernon (Jun 13)
- Re: Why Penetration Test? Gareth Davies (Jun 13)
- Re: Why Penetration Test? Tarun The Nut (Jun 14)
(Thread continues...)