Re: Vulnerability Assessment vs. PenTest

From: lakshminarayanan79@yahoo.com
Date: Mon Aug 21 2006 - 00:14:36 EDT

Next message: Marios A. Spinthiras: "Penetration Testing - Human Factor"
Previous message: Arian J. Evans: "RE: Vulnerability Assessment vs. PenTest"
Maybe in reply to: James Harless: "Vulnerability Assessment vs. PenTest"
Next in thread: Marco Ivaldi: "Re: Vulnerability Assessment vs. PenTest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) VAs still have values. For example, when an security admin want to know the threat level of the network, VA provides information about various vulnerable machines and ports. As you said, VAs do not exploit the vulnerability.

But Pen.Test do exploit the vulnerabilities and have to be done carefully. Pen. Test is not as frequent as VAs. Because during pentest, assets are attacked and security is compromised. But during VAs it is simply studying the current security posture.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Next message: Marios A. Spinthiras: "Penetration Testing - Human Factor"
Previous message: Arian J. Evans: "RE: Vulnerability Assessment vs. PenTest"
Maybe in reply to: James Harless: "Vulnerability Assessment vs. PenTest"
Next in thread: Marco Ivaldi: "Re: Vulnerability Assessment vs. PenTest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:46 EDT