Penetration Testing mailing list archives

Re: Vulnerability vs. Pen test

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 24 Apr 2009 16:13:01 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Yes.

Thanks,

Ron DuFresne

On Wed, 22 Apr 2009, jlay () slave-tothe-box net wrote:

So part of PCI DSS requirements are for a quarterly vulnerability
assessment, and a yearly pentest.  My question is:  is Nessus considered
just a vulnerability scanning app?  Thanks.

James


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------

- --~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFJ8h1Qst+vzJSwZikRAjs3AKCTOSeJ4KJk8N3uC67UBanKZCvIsQCcCAzb
MoLkRt2RHerBwNw7SVAxV70=
=ciQf
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------

Current thread:

Vulnerability vs. Pen test jlay (Apr 23)
- Re: Vulnerability vs. Pen test Ulises2k (Apr 23)
- Re: Vulnerability vs. Pen test Jeffrey Walton (Apr 26)
- RE: Vulnerability vs. Pen test Nick Vaernhoej (Apr 26)
- Re: Vulnerability vs. Pen test R. DuFresne (Apr 26)
- Re: Vulnerability vs. Pen test James Lay (Apr 26)
  - Re: Vulnerability vs. Pen test bartlettNSF (Apr 27)
  - RE: Vulnerability vs. Pen test James W. Beers (Apr 30)