Re: Why Penetration Test?

From: Daniel Reynaud-Plantey (reynaud.danyel@wanadoo.fr)
Date: Sat Jun 11 2005 - 04:35:22 EDT


Hello everybody,

In my mind a pen-test and a vulnerability assessment address different
problems. The vulnerability assessment should help _define_ the security
policy of the company/organisation/association and balancing the risk with
the associated cost. On the other hand, a PT should be considered as a check
for the _implementation_ of the security policy. *

And of course a PT depends on the skills of the tester, but if he can't
break it, it might have two meanings:
1/ You're reasonably secure.
or
2/ You hired a former clown.

The PT report should highlight the actions undertaken by the testing team,
confirming or not option 2.

Best regards,
Daniel Reynaud-Plantey


