Having pen-tested for two different security companies, ShopIP and then
Defensive Thinking, the ideal would be a consultant who can do the
audit, run every exploit they find in the wild that applies against the
publicly available services they have. Keep track of which ones worked
and which ones didn't. That's the start. Your average pen tester stops
there. The ideal pen-tester would continue to try to bypass the firewall
and if he/she finds an exploit, use that exploit to try and penetrate
the network even deeper and deeper. Don't forget, under a proper
contract with a written NDA the pentester has free resign of the network
only limited to not destroying data and preferably not disrupting
service to customers, but they need to know if they are vulnerable to DoS.
After that the pen-tester should write up a very detailed report on
every single thing they found and how they found it and under what
circumstances have to be there for it to be a problem. I used to write
two reports, one for IT and one for management that was simplified for
non-tech people.
Terry Vernon
Sprite Technologies
tarunthenut@gmail.com wrote:
I was wondering the usefulness of a penetration testing against vulnerability assessment for a company.
Scenario A
Cosultant "A is employed to perform a vulnerability assessment and the result
is tabulated based on the business risk these vulnerabilities pose.
Scenario B
Cosultant "B is employed to perform a Penetration Test, discovers 10
vulnerabilities and is able to show exploit of 5 vulnerabilities.
Scenario C
Cosultant "C" is employed to perform a Penetration Test, discovers 10
vulnerabilities and is able to show exploit of 7 vulnerabilities.
Which scenario would have more usefulness to the company? it is ovbious that the result of a PT would depend and vary from skill of a consultant to another?
