Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: success rate -- thanks to all

From: cwright () bdosyd com au
Date: 4 Sep 2007 23:29:35 -0000
Actually, 42 was close.

I adressed this in a preliminary article regarding research I have conducted-
http://www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=5651

and in:
http://www.sans.org/reading_room/whitepapers/auditing/1801.php

Total System vulnerabilities - Exploitable Internally was determined at 38.51% or the control. An Audit (SANS SCORE and 
methodology) was 99.1%. So a confidence interval of (35.6,42.4) for pen test success rate - which at an alpha =5 level 
does include 42.

Regards,
Craig


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: