Penetration Testing mailing list archives

Re: Limited vs full blown testing


From: El C0chin0 <mr.nasty () ix netcom com>
Date: 24 Jun 2004 20:59:42 -0000

In-Reply-To: <6.1.1.1.2.20040624125700.03d1cc60 () pop3 officemail easynet co uk>

I can only hope the moderator of this forum allows my post.  Not much luck in the past.

After reviewing several pen testing contracts I have mixed feelings.

First of all, most people seem to confuse auditing, vulnerability testing and penetration testing.  Even within discussions here, there doesn't seem to be a clear definition amongst the tribe as to what does what.

As an ex-Information Systems Security Auditor for a large government agency, a Chief Information Security Officer, a Security Specialist, and a CISSP, CISA and CISM, I think I've seen all three angles.

Auditing systems should analyze gathered information from the inside.  This should then create a network topology that you can compare with their network topology.  This will also provide you with enough information to compare against their current security policies.

Vulnerability testing is the analysis of the audit information against attack types.  Scans/probes against the systems both from the inside and outside.  But no penetration.

Penetration testing is the act of penetrating a system.  Breaking into it using whatever tools are available.  Not some proprietary software.  That's bogus.

So, if you run a syn flood against a system what are you looking for?  Incident response?  That's not penetration testing.  Are you looking to shut down the firewall and bypass logging?  That's penetration testing.

So before you folks eagerly go about your business of using these words interchangeably, stop and think.  When I see you across the table trying to sell me on your prowess as an Uber Haxor, you don't impress me when you mix the context of these different tests.

btw, what would running a dos against the system accomplish that a configuration audit wouldn't prevent?  Patch and harden the system and chances are you bypass the dos.  Test the application against buffer overflow and you bypass the dos.  So why is running a dos against an unpatched, unhardened system supposed to make you more points?

Hacking is the easy part.  Before you hack you need to know what countermeasures to recommend and first determine if those countermeasures are in place.
