Penetration Testing mailing list archives
Re: Vulnerability Assessment vs. PenTest
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 28 Aug 2006 13:03:05 +0200 (CEST)
Hey pen-testers, Just a quick contribution to the old VA vs. PT discussion. On Fri, 4 Aug 2006, James Harless wrote:
Where is the line between a Vulnerability Assessment and a PenTest? In other words, which tests do you run which identifies your assessment as a pentest rather than a VA?
You should check the "Proactive Security Square" by Pete Herzog (OSSTMM's creator). Find it here, along with a brief description of the 7 levels of security tests (starting from page 30):
http://www.satexpo.it/pdf/SatExpo_Satellite_Security.pdfFinally, i'd like to point out this old post of mine, about testing of attack vectors other than IP:
http://archives.neohapsis.com/archives/sf/pentest/2005-06/0304.html Hope this helps, -- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707 ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- RE: Vulnerability Assessment vs. PenTest, (continued)
- RE: Vulnerability Assessment vs. PenTest Bob Radvanovsky (Aug 06)
- RE: Vulnerability Assessment vs. PenTest Omar A. Herrera (Aug 07)
- Re: Vulnerability Assessment vs. PenTest Gray Ghost (Aug 07)
- RE: Vulnerability Assessment vs. PenTest Craig Wright (Aug 09)
- RE: Vulnerability Assessment vs. PenTest David M. Zendzian (Aug 09)
- RE: Vulnerability Assessment vs. PenTest Craig Wright (Aug 09)
- Port Listening Chris Esezobor (Aug 10)
- RE: Port Listening Luke Walsh (Aug 10)
- Port Listening Chris Esezobor (Aug 10)
- Re: Vulnerability Assessment vs. PenTest harshal . mehta (Aug 10)
- Re: Vulnerability Assessment vs. PenTest lakshminarayanan79 (Aug 21)
- Re: Vulnerability Assessment vs. PenTest Marco Ivaldi (Aug 28)
- RE: Vulnerability Assessment vs. PenTest Bob Radvanovsky (Aug 06)