RE: Business justification for pentesting

From: Craig Wright (cwright@bdosyd.com.au)
Date: Wed Aug 31 2005 - 16:41:07 EDT

• Next message: Leveque, Vincent E.: "Re: Business justification for pentesting"
• Previous message: scinfo@smtpcommander.com: "Re: New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003"
• Maybe in reply to: sectraq@gmail.com: "Business justification for pentesting"
• Next in thread: Leveque, Vincent E.: "Re: Business justification for pentesting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

What you ask for is a TRA - Threat Risk Analysis
 
This is not a pen test. This involves the classification and valuation of assets, a completion of a vulnerability assesssment, an impact analysis. etc etc
 
Even the Vulnerability assesssment is more involved than a pen test.
 
Craig

        -----Original Message-----
        From: Irene Abezgauz [mailto:irene.abezgauz@gmail.com]
        Sent: Wed 31/08/2005 6:33 PM
        To: sectraq@gmail.com
        Cc: pen-test@securityfocus.com
        Subject: Re: Business justification for pentesting
        
        
         

• Next message: Leveque, Vincent E.: "Re: Business justification for pentesting"
• Previous message: scinfo@smtpcommander.com: "Re: New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003"
• Maybe in reply to: sectraq@gmail.com: "Business justification for pentesting"
• Next in thread: Leveque, Vincent E.: "Re: Business justification for pentesting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:48 EDT