RE: Pentesting tool - Commercial

From: Clint P. Garrison (garrison.clint@gmail.com)
Date: Wed Mar 05 2008 - 00:02:09 EST

• Next message: Nibin: "Re: InfoSec certification EC/BackTrack?"
• Previous message: Andre Gironda: "Re: Pentesting tool - Commercial"
• In reply to: Pete Herzog: "Re: Pentesting tool - Commercial"
• Next in thread: puppe@hisolutions.com: "AW: Pentesting tool - Commercial"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks for chiming in Pete. Your absolutely right. It's insulting when
people with hidden agendas inject their marketing materials as "feedback" or
"news" in this forum.

Clint P. Garrison, MBA-IA MS-IT CISSP
http://www.clintgarrison.com

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Pete Herzog
Sent: Tuesday, March 04, 2008 11:37 AM
To: Ivan Arce
Cc: pen-test
Subject: Re: Pentesting tool - Commercial

Hi,

Ivan Arce wrote:
<snip>
> Going back to the original comments about CORE IMPACT and the 'count of
> exploits' I'd like point out just that throwing numbers without
> qualifying the measurement criteria and the relevance of the methodology
> is not a very serious assessment of a product's capabilities, its
> suitability for a given use or the value it may provide to a security
> professional.

I'd like to add as a person not actually selling products or having any
commercial ties to any software tool maker that Ivan is correct here.
There are so many important variables to how a tool should work that
judging on numbers alone of something that has no clear standard for how it
should be counted is just ignorant.

-pete.
www.isecom.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Nibin: "Re: InfoSec certification EC/BackTrack?"
• Previous message: Andre Gironda: "Re: Pentesting tool - Commercial"
• In reply to: Pete Herzog: "Re: Pentesting tool - Commercial"
• Next in thread: puppe@hisolutions.com: "AW: Pentesting tool - Commercial"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT