Why Penetration Test?

From: tarunthenut@gmail.com
Date: Thu Jun 02 2005 - 02:29:34 EDT

Next message: Hernán M. Racciatti: "Re: SQL injection"
Previous message: Zuromski, Brian: "RE: enumerating hosts behind a NAT box"
Next in thread: Terry Vernon: "Re: Why Penetration Test?"
Reply: Terry Vernon: "Re: Why Penetration Test?"
Reply: Erin Carroll: "RE: Why Penetration Test?"
Maybe reply: DUBRAWSKY, IDO (CALLISMA): "RE: Why Penetration Test?"
Reply: Brahman Thiyagalingham: "Re: Why Penetration Test?"
Maybe reply: Tony Tulio: "RE: Why Penetration Test?"
Reply: Rob Havelt: "Re: Why Penetration Test?"
Reply: Petr.Kazil@eap.nl: "Re: Why Penetration Test?"
Maybe reply: vince: "RE: Why Penetration Test?"
Maybe reply: Pete Herzog: "Re: Why Penetration Test?"
Reply: Matt Curtin: "Re: Why Penetration Test?"
Maybe reply: Williamson, Clyde: "RE: Why Penetration Test?"
Maybe reply: Marco Ivaldi: "Re: Why Penetration Test?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) I was wondering the usefulness of a penetration testing against vulnerability assessment for a company.

Scenario A
Cosultant "A is employed to perform a vulnerability assessment and the result is tabulated based on the business risk these vulnerabilities pose.

Scenario B
Cosultant "B is employed to perform a Penetration Test, discovers 10 vulnerabilities and is able to show exploit of 5 vulnerabilities.

Scenario C
Cosultant "C" is employed to perform a Penetration Test, discovers 10 vulnerabilities and is able to show exploit of 7 vulnerabilities.

Which scenario would have more usefulness to the company? it is ovbious that the result of a PT would depend and vary from skill of a consultant to another?

Next message: Hernán M. Racciatti: "Re: SQL injection"
Previous message: Zuromski, Brian: "RE: enumerating hosts behind a NAT box"
Next in thread: Terry Vernon: "Re: Why Penetration Test?"
Reply: Terry Vernon: "Re: Why Penetration Test?"
Reply: Erin Carroll: "RE: Why Penetration Test?"
Maybe reply: DUBRAWSKY, IDO (CALLISMA): "RE: Why Penetration Test?"
Reply: Brahman Thiyagalingham: "Re: Why Penetration Test?"
Maybe reply: Tony Tulio: "RE: Why Penetration Test?"
Reply: Rob Havelt: "Re: Why Penetration Test?"
Reply: Petr.Kazil@eap.nl: "Re: Why Penetration Test?"
Maybe reply: vince: "RE: Why Penetration Test?"
Maybe reply: Pete Herzog: "Re: Why Penetration Test?"
Reply: Matt Curtin: "Re: Why Penetration Test?"
Maybe reply: Williamson, Clyde: "RE: Why Penetration Test?"
Maybe reply: Marco Ivaldi: "Re: Why Penetration Test?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT