Security Basics mailing list archives
RE: Penetration testing report,
From: "IRM" <irm () iinet net au>
Date: Sun, 10 Sep 2006 11:46:31 +1000
I would argue that 80% of the cases we found that there is a vulnerability exist in the system but we couldn't exploit them because there in no public exploit around. What would you do about it? I mean it is easy to say that this code is buggy and to patch it but whether we can exploit them or not is another thing. What do you guys think? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of venkataramanan.as () gmail com Sent: Saturday, September 09, 2006 9:55 PM To: security-basics () securityfocus com Subject: Re: Penetration testing report, John, Scanning and patch assessment is just vulnerability assessment. Penetration testing is one step ahead of this where the vulnerabilities identified in vulnerability assessment are exploited for proof-of-concept. For more detailed testing methodology you can refer methodology document released by ISECOM (www.isecom.org). This document helps you to some extent to understand what a penetration testing report should contain. Just my 2c. ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Penetration testing report, farhaanshaikh (Sep 09)
- <Possible follow-ups>
- Re: Penetration testing report, venkataramanan . as (Sep 09)
- RE: Penetration testing report, IRM (Sep 11)
- RE: Penetration testing report, Walter Lamagna (Sep 12)
- RE: Penetration testing report, IRM (Sep 11)