----- Mensaje original -----
De: "Adriel T. Desautels" <atd@secnetops.com>
Greetings List,
I am interested in collecting ideas as to what people feel an ideal
penetration test is. What does the ideal methodology look like and
what are the goals? I am asking you this because I have been running
into interesting issues in certain markets. It would appear that some
people view penetration tests as nothing more then basic network
vulnerability audits while others view a penetration test for what it
is, a test designed to compromise target systems as PoC of
vulnerability.
In my opinion, PenTests must include tests designed to compromise target
systems manually. The added value of a PenTest is to have someone able to find
(and exploit) vulnerabilities in custom applications (something beyond that of
which most tools can do).
How do people feel about the use of automated tools and the weights
of their results? What about manual or custom testing? We have our
own methodology that we use for testing our client networks, but I am
always interested in learning what else might be done. I'd be happy
to engage anyone in a conversation about this subject.
Most consultants use automated tools to give you a standardized set of results
that can be reproduced (with the same tools), but custom testing is important.
I believe that any average PenTest consultant should be capable of determining
common false positives and incorrect results with manual testing, such as IIS
running on a Unix server or vulnerabilities for Apache web server for an IIS
web server.
Tools make many mistakes, and the least you would expect is that the guy
running the software knows what he is doing (and actually shows it).
Regards,
Omar Herrera
