Penetration Testing mailing list archives
RE: Business justification for pentesting
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 2 Sep 2005 09:31:56 +1000
This is for a small Visa processing site where a full audit is not required. This cannot be used as a blanket statement. For larger PCI clients and issuers, an onsite audit (which is extremely detailed if done correctly) must be completed.

Craig

-----Original Message-----
From: Vic N [mailto:vic778 () hotmail com]
Sent: 1 September 2005 9:04
To: sectraq () gmail com; pen-test () securityfocus com
Subject: RE: Business justification for pentesting

For Visa / MC PCI 1.0 specification (requirement 11.3), an annual pen test of network infrastructure and applications must take place once a year w/remediation. www.visa.com/cisp (see PCI data security standard)

Hi all,

A few classic questions that I would appreciate any answers for.

1- I would like to briefly know how to quantify information assets. In other words, I hear a pentester say: if a hacker breaks into your network, you will lose up to 40000$, for example. How can he come up with such figures?

2- Are there any other means to justify pentesting for management except for $$$?

3- Are there any official statistics, figures etc. for justifying pentesting? The more official it is the better.

4- Any other information you guys might find helpful in justifying a pentest would be appreciated.

Thanks in advance for your help.

T.N