Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Small Network Pen Testing

From: Stefano Zanero <s.zanero () securenetwork it>
Date: Sat, 04 Nov 2006 14:28:00 +0100
Rocky wrote:


they wanted me to pen testing their network and i did


1) it is unethical to pen test a network you designed, because you
already know what you will find, you already know the internals, so what
kind of "penetration test" are you doing ?


using purely nmap.


2) Selling an nmap scan as a pen test is even worse than unethical.


Is there any simple and precise method for pen testing
small network?


This process is composed of 2 steps
1) evaluate if a penetration test is really needed (it sounds as it
probably isn't) and then
2) have your customer hire someone else than yourself, who can also in
fact do a penetration test

Sorry for the bluntness.

Stefano

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: