Hi.
The question seems be deeply related to "what is security?".
In my opinion there is an important factor except vulnerabilities -
information disclosure
about network topology, versions of installed software which are
discovered using black box testing.
In case information leaks were not found, you can show your
methodology of security testing, checklists. For each application you
can define the vector of possible attacks and methods how to check if
an application is vulnerable. Checklists for hardening software also
show that system is secure enough.
2007/11/21, Attari Attari <c70n3@yahoo.co.in>:
Hi List,
For a client to evaluate success of a pen test what
would go down as Key Success Factors. I spoke to one
client and he opined that more issues a pen tester
finds the more successful it is for them and
highlights the quality of tester. They also feel that
if tester has found few or no vulnerabilities, the
testers are simply no good. I know majority of testers
on this list would disagree with this, and right so.
In such a case what we as testers could communicate
acceptable success factors to the client, in priority
order?
Clone
Save all your chat conversations. Find them online at
http://in.messenger.yahoo.com/webmessengerpromo.php
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
Best regards.
Gleb Pakharenko.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
