From: R. DuFresne (dufresne@sysinfo.com)
Date: Tue Jul 22 2003 - 16:33:02 EDT
[SNIP]
> > okay.... i'll bite ... why does everybody/somebody think that "pen-test"
> > means to run a port scan w/ nmap/nessus .. etc ..
>
> Exactly this is the reason why penetration testing isn't only running of
> nmap/nessus/iss/whatever, but more important - interpretation of results and
> additional steps taken.
>
> Everyone can run tools, but only people who understand things can interpret
> their results and find additional possible or existing security problems.
>
It might be me, but, I would identify the above as an vuln audit rather
then a pen test. I've always viewed a pen test as being more intrusive,
interactive, and exploit oriented then a port/vuln scan and an interpreted
report.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT