Penetration Testing mailing list archives

Re: Pen testing techniques

From: tommymay () comcast net (Tommy May)
Date: Wed, 09 Apr 2008 21:49:16 +0000

Does your SOW allow for you to use any means for penetration?  I would rotate my testing tools to get a balanced 
perspective, just to be sure.  Don't rule out social engineering, if its within your scope.

As far as perspective of the client is concerned, it really all depends on the purpose that the business has for 
bringing you in to conduct the test.  If its a means for measuring the effectiveness of their own processes, it 
actually might be extremely well received that there are no vulnerabilities.  A lot of times large companies will 
engage with a service like this to mark off an item on a due dilligence sort of checklist, which provides them a value 
when it comes to public confidence...etc.

If they brought you in with the expectation that you find vulnerabilitiies that have already been found, it may be back 
to the drawing board for you.

Just 2 cents... if you have more info, feel free to send it to me and I will see how I can help.

Thanks,
Tommy



 -------------- Original message ----------------------
From: "Atif Azim" <azim.atif () gmail com>

Hello,
I am new to pen testing and am currently involved in doing an external
pen test for one of our clients.We are doing it through Core
Impact.Reconnaisance showed only port 80 as open and the web server
running IIS 6.0.Core Impact did not find any vulnerabilities in the
server and hence was unable to penetrate.The web application was also
tested for SQL Injection and PHP remote file inclusion and did not
find any vulnerabilities there either.

My question is what else can we do besides relying on Core Impact for
this pen test.And what impression can a client get if we say to them
that there are no vulnerabilites in your network or web app.Its
dificult to digest something like that for a security specialist that
everythings alright.

Looking forward to some great views.Thanks.

Regards,
Atif Azim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

RE: Pen testing techniques, (continued)
- - - RE: Pen testing techniques Jason (Apr 12)
    - Re: Pen testing techniques Nathan Sportsman (Apr 12)
- Re: Pen testing techniques intel96 (Apr 09)
- get MD5-Hash from /etc/shadow file markus sesser (Apr 11)
  - Re: get MD5-Hash from /etc/shadow file Razi Shaban (Apr 12)
  - Re: get MD5-Hash from /etc/shadow file Larry Offley (Apr 12)
  - Re: get MD5-Hash from /etc/shadow file Morgan Reed (Apr 12)
  - Re: get MD5-Hash from /etc/shadow file Peter Kosinar (Apr 14)
- Re: Pen testing techniques Rafael Nuñez (Apr 11)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- Re: Pen testing techniques Tommy May (Apr 09)