Penetration Testing mailing list archives

Re: Cross testing exploit with vulnerability scan results

From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Sat, 28 Jul 2007 09:34:59 -0700

I've been conducting pen tests since 4 yrs now... the methodology I
follow is that we exploit or attempt to exploit ONLY those
vulnerabilities that a vulnerability scanner identifies.


your not a pentester... your a vulnerability scanner kiddi...
nothing more, nothing less.

Nearly 100% of my successfull pentest were
from flaws not uncovered by a vuln scan, found
by manual techniques.

cheers!
m.w

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Cross testing exploit with vulnerability scan results Chroot (Jul 27)
- Re: Cross testing exploit with vulnerability scan results John M. Martinelli (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Morning Wood (Jul 28)
  - Re: Cross testing exploit with vulnerability scan results Jan Heisterkamp (Jul 28)
  - Re: Cross testing exploit with vulnerability scan results Chroot (Jul 28)
    - Re: Cross testing exploit with vulnerability scan results Christine Kronberg (Jul 29)
- RE: Cross testing exploit with vulnerability scan results Steve Armstrong (Jul 28)
  - RE: Cross testing exploit with vulnerability scan results Sol_Invictus (Jul 28)
    - Re: Cross testing exploit with vulnerability scan results Chroot (Jul 30)
    - Looking to set up an infosec lab John M. Martinelli (Jul 30)
- Re: Cross testing exploit with vulnerability scan results Anders Thulin (Jul 29)
  - Re: Cross testing exploit with vulnerability scan results jussi jaakonaho (Jul 29)