pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cross testing exploit with vulnerability scan results

from [Jan Heisterkamp] [Permanent Link][Original]
To: Morning Wood <se_cur_ity@hotmail.com>
Subject: Re: Cross testing exploit with vulnerability scan results
From: Jan Heisterkamp <janheisterkamp@web.de>
Date: Sat, 28 Jul 2007 15:00:54 -0600
Cc: Chroot <chrooted@gmail.com>, pen-test@securityfocus.com
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
In-reply-to: <BAY124-DAV826AB8449AF1D5DCA1741D9EC0@phx.gbl>
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
References: <20b0a0170707270525m548e299dtd0643c9e0e2ef49d@mail.gmail.com> <BAY124-DAV826AB8449AF1D5DCA1741D9EC0@phx.gbl>
Resent-date: Sat, 28 Jul 2007 16:35:37 -0600 (MDT)
Resent-from: pen-test-return-1078484721@securityfocus.com
Resent-message-id: <20070728223537.3CFC11437F6@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com
Sender: janheisterkamp@web.de
User-agent: Thunderbird 2.0.0.5 (Windows/20070716) 
Morning Wood schrieb:

I've been conducting pen tests since 4 yrs now... the methodology I
follow is that we exploit or attempt to exploit ONLY those
vulnerabilities that a vulnerability scanner identifies.


your not a pentester... your a vulnerability scanner kiddi...
nothing more, nothing less.

Nearly 100% of my successfull pentest were
from flaws not uncovered by a vuln scan, found
by manual techniques.

cheers!
m.w


I agree fully with you....
cheers
Jan



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cross testing exploit with vulnerability scan results, Morning Wood
Next by Date:  RE: Cross testing exploit with vulnerability scan results, Steve Armstrong
Previous by Thread:  Re: Cross testing exploit with vulnerability scan results, Morning Wood
Next by Thread:  Re: Cross testing exploit with vulnerability scan results, Chroot
Indexes:  [Date] [Thread] [Top] [All Lists]