Penetration Testing mailing list archives
Re: Small Network Pen Testing
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Sat, 04 Nov 2006 14:28:00 +0100
Rocky wrote:
they wanted me to pen testing their network and i did
1) it is unethical to pen test a network you designed, because you already know what you will find, you already know the internals, so what kind of "penetration test" are you doing ?
using purely nmap.
2) Selling an nmap scan as a pen test is even worse than unethical.
Is there any simple and precise method for pen testing small network?
This process is composed of 2 steps 1) evaluate if a penetration test is really needed (it sounds as it probably isn't) and then 2) have your customer hire someone else than yourself, who can also in fact do a penetration test Sorry for the bluntness. Stefano ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Small Network Pen Testing Rocky (Nov 03)
- Re: Small Network Pen Testing Stefano Zanero (Nov 04)
- Re: Small Network Pen Testing Rocky (Nov 06)
- <Possible follow-ups>
- RE: Small Network Pen Testing Michael Scheidell (Nov 04)
- Re: Small Network Pen Testing Stefano Zanero (Nov 04)