Penetration Testing mailing list archives

RE: Business justification for pentesting

From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 1 Sep 2005 06:41:07 +1000

What you ask for is a TRA - Threat Risk Analysis
 
This is not a pen test. This involves the classification and valuation of assets, a completion of a vulnerability 
assesssment, an impact analysis. etc etc
 
Even the Vulnerability assesssment is more involved than a pen test.
 
Craig

        -----Original Message----- 
        From: Irene Abezgauz [mailto:irene.abezgauz () gmail com] 
        Sent: Wed 31/08/2005 6:33 PM 
        To: sectraq () gmail com 
        Cc: pen-test () securityfocus com 
        Subject: Re: Business justification for pentesting

Current thread:

RE: Business justification for pentesting Craig Wright (Sep 01)
- <Possible follow-ups>
- Re: Business justification for pentesting Leveque, Vincent E. (Sep 01)
- RE: Business justification for pentesting Craig Wright (Sep 01)
  - Re: Business justification for pentesting Kevin Reiter (Sep 02)
- RE: Business justification for pentesting Steve Manzuik (Sep 01)
- RE: Business justification for pentesting Vic N (Sep 01)
- RE: Business justification for pentesting Kyle Starkey (Sep 01)
- RE: Business justification for pentesting Craig Wright (Sep 02)
  - RE: Business justification for pentesting Vic N (Sep 02)
- RE: Business justification for pentesting Michael Gargiullo (Sep 02)
- RE: Business justification for pentesting Craig Wright (Sep 05)

(Thread continues...)