Penetration Testing mailing list archives

Re: Cross testing exploit with vulnerability scan results


From: "jussi jaakonaho" <jussi () mataaratanga com>
Date: Sun, 29 Jul 2007 13:15:51 +0300

On 7/29/07, Anders Thulin <anders.thulin () sentor se> wrote:
> (This is why computer penetration testing ultimately is a dead end.
> Security can't rely on penetration testing for anything but reports
> of bad security.)

-yup.
pentests can tell the client only something like "your security sucks or we are
unsure" if used for assurance on security. it can be used as an eye-opener
(if those still are needed), testing incident & response processes,
monitoring function etc.
the "sucks" part is due to being able to get in and delete all
things from the db, the "we are unsure" part is when you have all claims
that during this timeframe, with available information, exploits,
skills etc etc.

_jussi
