Penetration Testing mailing list archives

Re: Vulnerability Assessment vs. PenTest

From: lakshminarayanan79 () yahoo com
Date: 21 Aug 2006 04:14:36 -0000

VAs still have values. For example, when an security admin want to know the threat level of the network, VA provides 
information about various vulnerable machines and ports. As you said, VAs do not exploit the vulnerability.

But Pen.Test do exploit the vulnerabilities and have to be done carefully. Pen. Test is not as frequent as VAs. Because 
during pentest, assets are attacked and security is compromised. But during VAs it is simply studying the current 
security posture.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Current thread:

RE: Vulnerability Assessment vs. PenTest, (continued)
- - - RE: Vulnerability Assessment vs. PenTest StyleWar (Aug 08)
- RE: Vulnerability Assessment vs. PenTest Bob Radvanovsky (Aug 06)
  - RE: Vulnerability Assessment vs. PenTest Omar A. Herrera (Aug 07)
- Re: Vulnerability Assessment vs. PenTest Gray Ghost (Aug 07)
- RE: Vulnerability Assessment vs. PenTest Craig Wright (Aug 09)
- RE: Vulnerability Assessment vs. PenTest David M. Zendzian (Aug 09)
- RE: Vulnerability Assessment vs. PenTest Craig Wright (Aug 09)
  - Port Listening Chris Esezobor (Aug 10)
    - RE: Port Listening Luke Walsh (Aug 10)
- Re: Vulnerability Assessment vs. PenTest harshal . mehta (Aug 10)
- Re: Vulnerability Assessment vs. PenTest lakshminarayanan79 (Aug 21)
- Re: Vulnerability Assessment vs. PenTest Marco Ivaldi (Aug 28)