Penetration Testing mailing list archives
Re: Cross testing exploit with vulnerability scan results
From: "jussi jaakonaho" <jussi () mataaratanga com>
Date: Sun, 29 Jul 2007 13:15:51 +0300
On 7/29/07, Anders Thulin <anders.thulin () sentor se> wrote:
(This is why computer penetration testing ultimately is a dead end. Security can't rely on penetration testing for anything but reports of bad security.)
-yup. pentests can tell client only like "your security sucks or we are unsure" if used for assurance on security. it can used for eyeopener (if those still are needed). testing insicent&response processes, monitoring function etc. the "sucks" part is due to being able to getting in and deleting all things from db, the "we are unsure" part is when you have all claims that during this timeframe, with available information, exploits, skills etc etc. _jussi ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Cross testing exploit with vulnerability scan results, (continued)
- Re: Cross testing exploit with vulnerability scan results John M. Martinelli (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Morning Wood (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Jan Heisterkamp (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Chroot (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Christine Kronberg (Jul 29)
- RE: Cross testing exploit with vulnerability scan results Steve Armstrong (Jul 28)
- RE: Cross testing exploit with vulnerability scan results Sol_Invictus (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Chroot (Jul 30)
- Looking to set up an infosec lab John M. Martinelli (Jul 30)
- RE: Cross testing exploit with vulnerability scan results Sol_Invictus (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Anders Thulin (Jul 29)
- Re: Cross testing exploit with vulnerability scan results jussi jaakonaho (Jul 29)