Penetration Testing mailing list archives
Re: Fwd: Penetration test of 1 IP address
From: Justin Seitz <jseitz () crossflux com>
Date: Thu, 02 Mar 2006 02:13:31 -0800
It's really not that surprising. Recently, I had a friend who is a co-owner in a web development/design company, who also host their own small Debian network. I had spent some time teaching him the ins and outs of the Linux shell, how to use iptables, some basic networking, etc. Not a week later, he was phoning me to ask if I could help him do a penetration test on one of his clients. I was appalled to find out that the client had asked him if they could test the "security" of the boxes on his network, and they agreed that they could.

It's rather frightening, even though I am not a professional pen-tester, to hear that anyone and their dog with some command line access, who can download and install Nessus, are offering penetration testing. It makes you wonder why those of us who are interested in creative software exploits, network hardening, etc. for the greater good and knowledge of the public domain, are getting bad raps.

<advice>If the closest thing to security knowledge is getting all your help from a mailing list, I would stop offering pen-tests, fess up to your boss, set up a home Linux box and put on a pot of coffee</advice>

JS

Brian Loe wrote:
Every time I see one of these e-mails the first question that pops into my mind is, "where do I get a customer like that?!" The second thing that pops into my mind is that it can't be a "real" job - that it's most likely some high school kid who wants to be famous, but not smart enough to figure out how.

I'm not a security "expert". I've never done a pen test. However, everything that has been suggested, I already knew how to do - and would have known to do it.

On 2/9/06, Levenglick, Jeff <JLevenglick () fhlbatl com> wrote:

That's right.. Legal software. I wonder what would happen if this person was not legit and the company found out that all of the people on this list helped him? Or better yet. (as I stated before) This person does not have the background or knowledge to give this company