Penetration Testing mailing list archives

Re: Security Grade


From: JD Lampard <jdlampard () yahoo com>
Date: Thu, 6 Dec 2007 14:49:45 -0800 (PST)

A points system is what I use... 0 (worst) - 10
(best).  Then an overall percentage is given which
helps people put the score into perspective easily. 
However, this can also be misleading... let's say test
by test you get 10 except for a couple tests for
router, firewall, and IDS for which you get very bad
scores.  Looking at the overall score gives a false
sense of security to the casual report reader.

Hope this helps.

--- 11ack3r <11ack3r () gmail com> wrote:

Hi,

Is there a security criteria or matrix against which
we could grade
customer's pen test results? Like assigning them
grade between A to E
or 1 to 10.

*.*

