RE: Why Penetration Test?

From: vince (vmarve@gmail.com)
Date: Mon Jun 13 2005 - 11:05:52 EDT

• Next message: Pete Herzog: "Re: Why Penetration Test?"
• Previous message: Mihai Amarandei: "Re: Pentesting a SONUS / SIP Network"
• Maybe in reply to: tarunthenut@gmail.com: "Why Penetration Test?"
• Next in thread: Pete Herzog: "Re: Why Penetration Test?"
• Reply: Pete Herzog: "Re: Why Penetration Test?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I do both. The company I work for will send out a VA team to identify
all possible vulnerabilities. The company then decides how much time
it will take to remedy all vulns. After that period a second team
will attempt a Pen Test.

The value added by the VA team is that of identifying everything. The
value of the Pen Test is to show impact and determine if the IT dept
did a good job applying fixes or if the weakness is in the IT dept
instead of the systems.

• Next message: Pete Herzog: "Re: Why Penetration Test?"
• Previous message: Mihai Amarandei: "Re: Pentesting a SONUS / SIP Network"
• Maybe in reply to: tarunthenut@gmail.com: "Why Penetration Test?"
• Next in thread: Pete Herzog: "Re: Why Penetration Test?"
• Reply: Pete Herzog: "Re: Why Penetration Test?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT