Re: Pen Test success rate

[jfvanmeter () comcast net]

Is that all that is outlined in the scope of the test?  can I use social engineering and viruses/trojans? can I get 
phyical access to the site? can i leave a few usb drivers laying around? Am I allowed to DoS production machines?

I would say if I am allowed to use social engineering and leave a few usb drives laying around the site that I can get 
in.

take care and have fun --John

 -------------- Original message ----------------------
From: James Kelly <macubergeek () comcast net>
> Given this scenario: Red team pen test from the Internet with no  
> information or cooperation from IT staff.
>
> What would be a reasonable success rate of breaking in to say at  
> least DMZ machines? Of internal hosts on private network?
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------