From: Marco Ivaldi (raptor@0xdeadbeef.info)
Date: Mon Aug 28 2006 - 07:03:05 EDT
Hey pen-testers,
Just a quick contribution to the old VA vs. PT discussion.
On Fri, 4 Aug 2006, James Harless wrote:
> Where is the line between a Vulnerability Assessment and a PenTest? In
> other words, which tests do you run which identify your assessment as
> a pentest rather than a VA?
You should check the "Proactive Security Square" by Pete Herzog (OSSTMM's
creator). Find it here, along with a brief description of the 7 levels of
security tests (starting from page 30):
http://www.satexpo.it/pdf/SatExpo_Satellite_Security.pdf
Finally, I'd like to point out this old post of mine, about testing of
attack vectors other than IP:
http://archives.neohapsis.com/archives/sf/pentest/2005-06/0304.html
Hope this helps,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707