Penetration Testing mailing list archives

Re: Pen Test Success Factors


From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Sun, 25 Nov 2007 05:52:50 -0500

Hi.

The question seems to be deeply related to "what is security?".

In my opinion there is an important factor besides vulnerabilities:
information disclosure about network topology and versions of
installed software, which are discovered using black box testing.

In case information leaks were not found, you can show your
methodology of security testing and checklists. For each application
you can define the vector of possible attacks and methods to check if
an application is vulnerable. Checklists for hardening software also
show that the system is secure enough.



2007/11/21, Attari Attari <c70n3 () yahoo co in>:
Hi List,

For a client to evaluate the success of a pen test, what
would go down as Key Success Factors? I spoke to one
client and he opined that the more issues a pen tester
finds, the more successful it is for them and
highlights the quality of the tester. They also feel that
if the tester has found few or no vulnerabilities, the
testers are simply no good. I know the majority of testers
on this list would disagree with this, and rightly so.

In such a case, what could we as testers communicate as
acceptable success factors to the client, in priority
order?

Clone




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




-- 
Best regards.
Gleb Pakharenko.
