Re: nessus exceptions

From: DokFLeed.Net (dokfleed@dokfleed.net)
Date: Wed Aug 04 2004 - 01:19:29 EDT


This is a very bad practice.
First, it is unethical, because you actually added a vulnerability to your
company, despite the fact that it's ONLINE, where it can be used by a
non-intended audience :)

What you should do is ask the pen-tester for the remediation reports, and
to use at least 3 different tools (there are 4+ good free tools). If you
are paying them well, then ask for the commercial report as originally
generated by the tool. But testing with tools is not enough, so they have
to offer you their methodology and approach in general before they sign
the NDA and you sign the POA attached to the same contract.

That works in almost all cases.

=========================
----- Original Message -----
From: "Chris Griffin" <cgriffin@dcmindiana.com>
To: <pen-test@securityfocus.com>
Sent: Monday, August 02, 2004 10:58 PM
Subject: nessus exceptions

> Hi list,
> I'm trying to find some good holes, that aren't major security issues,
> that I can create on a machine to see if our testing company really
> uses anything other than Nessus.


