Penetration Testing mailing list archives
Re: Pen testing techniques
From: v3nd3rs5uck <ntpeck () yahoo com>
Date: Thu, 10 Apr 2008 13:21:38 -0700 (PDT)
I Agree with an earlier reply, don't EVER say they have no vulnerabilities. There's always vulnerabilities its whether you and your tools find them or not. Reading Book: The Manager's Guide to Becoming Great --- On Wed, 4/9/08, Atif Azim <azim.atif () gmail com> wrote:
From: Atif Azim <azim.atif () gmail com> Subject: Pen testing techniques To: pen-test () securityfocus com Date: Wednesday, April 9, 2008, 12:48 PM Hello, I am new to pen testing and am currently involved in doing an external pen test for one of our clients.We are doing it through Core Impact.Reconnaisance showed only port 80 as open and the web server running IIS 6.0.Core Impact did not find any vulnerabilities in the server and hence was unable to penetrate.The web application was also tested for SQL Injection and PHP remote file inclusion and did not find any vulnerabilities there either. My question is what else can we do besides relying on Core Impact for this pen test.And what impression can a client get if we say to them that there are no vulnerabilites in your network or web app.Its dificult to digest something like that for a security specialist that everythings alright. Looking forward to some great views.Thanks. Regards, Atif Azim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Pen testing techniques, (continued)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- RE: Pen testing techniques Jason (Apr 12)
- Re: Pen testing techniques Nathan Sportsman (Apr 12)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- Re: Pen testing techniques intel96 (Apr 09)
- get MD5-Hash from /etc/shadow file markus sesser (Apr 11)
- Re: get MD5-Hash from /etc/shadow file Razi Shaban (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Larry Offley (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Morgan Reed (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Peter Kosinar (Apr 14)
- Re: Pen testing techniques Rafael Nuñez (Apr 11)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- Re: Pen testing techniques Tommy May (Apr 09)