Hum..... It amazes me that one would offer a service call ETHICAL hacking
and ask such a question as the one posted. Unfortunately it seems to happen
too many times and all the times. If we wish to be recognize as
professional one day this has to change for sure. Let me twist the original
posting a bit and pretend you're doing your annual medical exam and your
doctor would post the following on a medical mailing list that you subscribe
to:
============== Beginning of twisted message =================
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of a Crazy Doctor
Sent: Friday, December 07, 2007 12:48 PM
To: webappsec@securityfocus.com
Subject: Defining scope of an Annual medical exam
Hi,
Can anyone please tell what needs to be considered while defining the scope
of an annual medical exam. Here I am concerned only about the cholesterol
level and heart beat that would exclude every other bit related to the
infrastructure (such as any other vital parts, diabetes, or the overall
body). Also how do we calculate the effort required to perform an annual
medical exam. The things which I think may be considered are the age of the
patient, past history, etc.
But what else can be considered?
Any inputs would be highly appreciated.
Cheers
Crazy Doctor
============= End of Twisted message ==========================
WOULD YOU ACCEPT AND USE SERVICE FROM SUCH A DOCTOR?
Why is this acceptable in the Security Testing profession and why do we see
this all the time?
I think before you offer service to clients you have to build the service
first.
Hopefully the security testing world will mature quickly over time if we
wish to even attempt to call ourselves PROFESSIONALS.
Best regards
Clement
--------------------------Original Message Below ------------------------
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com]
Sent: Friday, December 07, 2007 12:48 PM
To: webappsec@securityfocus.com
Subject: Defining scope of web application pentest
Hi,
Can anyone please tell what needs to be considered while defining the
scope of a web application penetration test. Here I am concerned only
about the web application and the web server that would exclude every
other bit related to the infrastructure (such as firewall or a proxy
etc). Also how do we calculate the effort required to test a web
application. The things which I think may be considered are the
number of static and dynamic pages and types of users involved etc.
But what else can be considered?
Any inputs would be highly appreciated.
Cheers
---------------------------------------------------------------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in the
development of any web application. What methodology should be followed? What
tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
