RE: Penetration Testing or Vulnerability Scanning?

From: Rob Shein (shoten@starpower.net)
Date: Fri Mar 07 2003 - 15:03:15 EST


Vulnerability scanning and penetration testing are largely confused with
each other, and differ in a couple of different ways. One, penetration
testing does indeed usually seek to "bust root" on a server or network from
the outside. Vulnerability scanning doesn't go this far, but instead seeks
to enumerate all possible vulnerabilities related to configuration
(including what the firewall lets through) and _known_ weaknesses in
software. Penetration testing is almost always done from outside a network,
as a hacker would likely be, while vulnerability scanning is often done
locally as well as remotely.

As for tools, vulnerability scanning usually relies heavily on one or more
tools that scan for many different things, while pen-testing usually uses
any of the numerous more specialized tools (like buffer overflow exploit
code, for example), and you never know what tools you're going to use until
you're done. It's a bit like a car mechanic going into work... he doesn't
know what cars he's going to see that day yet, or what needs to be done to
them, so he doesn't know what tools he'll use for the most part. He'll
almost assuredly be using a socket wrench (or nmap), but he might not be
needing his special-use spanner (or fragroute).

Finally, there's nothing unethical in and of itself about using exploit code.
The ethics are about HOW you use it, and WHY. If your client is fully aware
that you are going to break in, and they are comfortable with the potential
downtime resulting from a buffer overflow, for example, then it's not much
of a problem. If you surprise them by taking a box or service down
accidentally though, without having let them know that it might happen (and
without planning for this possibility), then that's not so good.

> -----Original Message-----
> From: Rizwan Ali Khan [mailto:rizwanalikhan74@yahoo.com]
> Sent: Friday, March 07, 2003 1:08 AM
> To: pen-test@securityfocus.com
> Subject: Penetration Testing or Vulnerability Scanning?
>
> When usually we talk about penetration testing tools, people mostly
> refer to Vulnerability Scanners like iss, typhon, nessus, cybercop etc.
>
> However, penetration testing tools are those which penetrate as well; the
> above scanners do not do that.
>
> One needs to have a working version of an SSH exploit for the SSH
> vulnerability detected by the vulnerability scanner, so is it necessary for
> a penetration tester to have access to the latest underground exploit? Or
> could all this be done in an ethical manner too?
>
> Please guide, I am so confused between these two methodologies.
>

----------------------------------------------------------------------------

Are your vulnerability scans producing just another report? Manage the
entire remediation process with StillSecure VAM's Vulnerability Repair
Workflow. Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:30 EDT