Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Why Penetration Test?

from [Tony Tulio] Network Security [Permanent Link]
Subject: RE: Why Penetration Test?
Date: Fri, 10 Jun 2005 22:10:34 -0400 
I think the most useful to a business would be 'A'. But that's not because of 
vulnerability assessment vs. pen test. It's because the results address the 
business risk. A business needs to understand the risk of a problem, the risk 
of not doing anything about it, and the risk of taking action. These things let 
you focus business resources where they are needed the most. This should be 
done by the consultant, who understands the technical risks, in concert with 
business management, who understand the business risks. Exploiting a host 
doesn't always mean much unless you can demonstrate how you can exploit the 
data that it leads to and what that means to the business.

-----Original Message-----
From: tarunthenut@gmail.com [mailto:tarunthenut@gmail.com] 
Sent: Thursday, June 02, 2005 2:30 AM
To: pen-test@securityfocus.com
Subject: Why Penetration Test?

I was wondering the usefulness of a penetration testing against vulnerability 
assessment for a company. 

Scenario A
Cosultant "A  is employed to perform a vulnerability assessment and the result 
is tabulated based on the business risk these vulnerabilities pose.

Scenario B
Cosultant "B is employed to perform a Penetration Test, discovers 10 
vulnerabilities and is able to show exploit of 5 vulnerabilities.

Scenario C
Cosultant "C" is employed to perform a Penetration Test, discovers 10 
vulnerabilities and is able to show exploit of 7 vulnerabilities.

Which scenario would have more usefulness to the company? it is ovbious that 
the result of a PT would depend and vary from skill of a consultant to another?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why Penetration Test?, Brahman Thiyagalingham
Next by Date:  Re: Why Penetration Test?, cbc
Previous by Thread:  RE: Why Penetration Test?, DUBRAWSKY, IDO (CALLISMA)
Next by Thread:  Re: Re: Why Penetration Test?, tarunthenut
Indexes:  [Date] [Thread] [Top] [All Lists]