From: Stefano Zanero (s.zanero@securenetwork.it)
Date: Sat Nov 04 2006 - 08:28:00 EST
Rocky wrote:
> they wanted me to pen testing their network and i did
1) it is unethical to pen test a network you designed, because you
already know what you will find, you already know the internals, so what
kind of "penetration test" are you doing ?
> using purely nmap.
2) Selling an nmap scan as a pen test is even worse than unethical.
> Is there any simple and precise method for pen testing
> small network?
This process is composed of 2 steps
1) evaluate if a penetration test is really needed (it sounds as it
probably isn't) and then
2) have your customer hire someone else than yourself, who can also in
fact do a penetration test
Sorry for the bluntness.
Stefano
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:17 EDT