Penetration Testing mailing list archives

Re: Vulnerability Assessment vs. PenTest


From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 28 Aug 2006 13:03:05 +0200 (CEST)

Hey pen-testers,

Just a quick contribution to the old VA vs. PT discussion.

On Fri, 4 Aug 2006, James Harless wrote:

> Where is the line between a Vulnerability Assessment and a PenTest? In other words, which tests do you run which identify your assessment as a pentest rather than a VA?

You should check the "Proactive Security Square" by Pete Herzog (OSSTMM's creator). Find it here, along with a brief description of the 7 levels of security tests (starting from page 30):

http://www.satexpo.it/pdf/SatExpo_Satellite_Security.pdf

Finally, I'd like to point out this old post of mine, about testing of attack vectors other than IP:

http://archives.neohapsis.com/archives/sf/pentest/2005-06/0304.html

Hope this helps,

--
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707

