Re: Pen Test Success Factors

From: Gleb Paharenko (gpaharenko@gmail.com)
Date: Sun Nov 25 2007 - 05:52:50 EST


Hi.

The question seems to be deeply related to "what is security?".

In my opinion there is an important factor besides vulnerabilities:
information disclosure about network topology and versions of installed
software, which are discovered using black box testing.

In case information leaks were not found, you can show your
methodology of security testing and checklists. For each application you
can define the vector of possible attacks and methods to check whether
an application is vulnerable. Checklists for hardening software also
show that the system is secure enough.

2007/11/21, Attari Attari <c70n3@yahoo.co.in>:
> Hi List,
>
> For a client to evaluate the success of a pen test, what
> would go down as Key Success Factors? I spoke to one
> client and he opined that the more issues a pen tester
> finds, the more successful it is for them and
> highlights the quality of the tester. They also feel that
> if the tester has found few or no vulnerabilities, the
> testers are simply no good. I know the majority of testers
> on this list would disagree with this, and rightly so.
>
> In such a case, what could we as testers communicate as
> acceptable success factors to the client, in priority
> order?
>
> Clone

-- 
Best regards.
Gleb Pakharenko.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------

