RE: Know such a web's server tool? -- huh

From: intel96 (intel96@bellsouth.net)
Date: Mon Jul 21 2003 - 17:28:26 EDT


> This is exactly the reason why penetration testing isn't only running
> nmap/nessus/iss/whatever, but, more importantly, interpreting the results
> and taking additional steps.
>
> Everyone can run tools, but only people who understand things can interpret
> their results and find additional possible or existing security problems.

The problem is finding people who really can interpret the results from
many of the tools used. I have seen people run tools like ISS and drop a
1000+ page report on a desk. When asked what the report means, I always get
the "deer in the headlights" look. In addition, several of the tools (ISS,
Retina, etc.) still have false positives that must be uncovered through
interpretation of the results and some old-fashioned manual testing. There is
still no tool that can replace the best tool of all, which is the human
brain...

Regards,

intel96

-----Original Message-----
From: Bojan Zdrnja [mailto:Bojan.Zdrnja@LSS.hr]
Sent: Monday, July 21, 2003 6:13 PM
To: 'Alvin Oga'; 'Paul Vet'
Cc: 'MARTIN M. Bénoni'; pen-test@securityfocus.com
Subject: RE: Know such a web's server tool? -- huh

> -----Original Message-----
> From: Alvin Oga [mailto:alvin.sec@Mail.Linux-Consulting.com]
> Sent: Sunday, 20 July 2003 5:59 p.m.
> To: Paul Vet
> Cc: MARTIN M. Bénoni; pen-test@securityfocus.com
> Subject: RE: Know such a web's server tool? -- huh
>
> okay.... i'll bite ... why does everybody/somebody think that "pen-test"
> means to run a port scan w/ nmap/nessus .. etc ..

This is exactly the reason why penetration testing isn't only running
nmap/nessus/iss/whatever, but, more importantly, interpreting the results and
taking additional steps.

Everyone can run tools, but only people who understand things can interpret
their results and find additional possible or existing security problems.

Regards,

Bojan Zdrnja



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT