Penetration Testing mailing list archives
RE: Business justification for pentesting
From: "Vic N" <vic778 () hotmail com>
Date: Wed, 31 Aug 2005 16:03:43 -0700
For Visa / MC PCI 1.0 specification (requirement 11.3), an annual pen test of network infrastructure and applications must take place once a year w/remediation.
www.visa.com/cisp (see PCI data security standard)
hi all, a few classic question that i would appriciate any answers for.1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker breaks in ur network, u will loose up to 40000$ for example. how can he come up with such figures?2- are there any other means to justify pentesting for management except for $$$?3- are there any official statistics, figures etc. for justifying pentesting. ther more official it is the better.4- any other information you guys might find helpful in justifying a pentest would be appriciated.thnx in advance for ur help. T.N
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Business justification for pentesting Craig Wright (Sep 01)
- <Possible follow-ups>
- Re: Business justification for pentesting Leveque, Vincent E. (Sep 01)
- RE: Business justification for pentesting Craig Wright (Sep 01)
- Re: Business justification for pentesting Kevin Reiter (Sep 02)
- RE: Business justification for pentesting Steve Manzuik (Sep 01)
- RE: Business justification for pentesting Vic N (Sep 01)
- RE: Business justification for pentesting Kyle Starkey (Sep 01)
- RE: Business justification for pentesting Craig Wright (Sep 02)
- RE: Business justification for pentesting Vic N (Sep 02)
- RE: Business justification for pentesting Michael Gargiullo (Sep 02)
- RE: Business justification for pentesting Craig Wright (Sep 05)
- RE: Business justification for pentesting Vic N (Sep 05)
- RE: Business justification for pentesting Craig Wright (Sep 06)