Penetration Testing mailing list archives
Re: success rate -- thanks to all
From: cwright () bdosyd com au
Date: 4 Sep 2007 23:29:35 -0000
Actually, 42 was close. I adressed this in a preliminary article regarding research I have conducted- http://www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=5651 and in: http://www.sans.org/reading_room/whitepapers/auditing/1801.php Total System vulnerabilities - Exploitable Internally was determined at 38.51% or the control. An Audit (SANS SCORE and methodology) was 99.1%. So a confidence interval of (35.6,42.4) for pen test success rate - which at an alpha =5 level does include 42. Regards, Craig ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- success rate -- thanks to all James Kelly (Sep 04)
- <Possible follow-ups>
- Re: success rate -- thanks to all cwright (Sep 05)