
Re: Cross testing exploit with vulnerability scan results

To: "Anders Thulin" <anders.thulin@sentor.se>
Subject: Re: Cross testing exploit with vulnerability scan results
From: "jussi jaakonaho" <jussi@mataaratanga.com>
Date: Sun, 29 Jul 2007 13:15:51 +0300
Cc: Chroot <chrooted@gmail.com>, pen-test@securityfocus.com
On 7/29/07, Anders Thulin <anders.thulin@sentor.se> wrote:
> (This is why computer penetration testing ultimately is a dead end.
> Security can't rely on penetration testing for anything but reports
> of bad security.)

-yup.
pentests can tell client only like "your security sucks or we are
unsure" if used for assurance on security. it can be used for eyeopener
(if those still are needed). testing incident & response processes,
monitoring function etc.
the "sucks" part is due to being able to get in and delete all
things from db, the "we are unsure" part is when you have all claims
that during this timeframe, with available information, exploits,
skills etc etc.

_jussi
