Penetration Testing or Vulnerability Scanning?

From: Rizwan Ali Khan (rizwanalikhan74@yahoo.com)
Date: 03/07/03

  • Next message: Rapaille Max: "RE: Distributed Vulnerability Scanners" 
    Date: Thu, 6 Mar 2003 22:07:35 -0800 (PST)
From: Rizwan Ali Khan <rizwanalikhan74@yahoo.com>
To: pen-test@securityfocus.com

    When usually we talk about penetration testing tools,
    people mosly
    refer to Vulnerability Scanners like iss, typhon,
    nessus, cybercop etc.

    However penetration testing tools are those who
    penetrate as well, the
    above scanners do not do that.

    One needs to have a working version of SSH exploit for

    the SSH
    vulnerability detected by the vulnerability scanner,
    so is it necessary for
    penetration tester to have access to the latest of
    underground exploit? or
    could all this be done in an ethical manner too?

    please guide I am so confused between two of these
    methodologies.

    __________________________________________________
    Do you Yahoo!?
    Yahoo! Tax Center - forms, calculators, tips, more
    http://taxes.yahoo.com/

    ----------------------------------------------------------------------------

    Are your vulnerability scans producing just another report?
    Manage the entire remediation process with StillSecure VAM's
    Vulnerability Repair Workflow.
    Download a free 15-day trial:
    http://www2.stillsecure.com/download/sf_vuln_list.html

  • Next message: Rapaille Max: "RE: Distributed Vulnerability Scanners"

    Relevant Pages

    • Re: Vulnerability scanners dont work
      ... But are you saying that ... between the pen-test shop I recently left and Real Networks for a ... vulnerability in one of their products. ... Yes, vulnerability scanners are ...
      (Security-Basics)
    • Re: Vulnerability scanners dont work
      ... But are you saying that ... between the pen-test shop I recently left and Real Networks for a ... vulnerability in one of their products. ... Yes, vulnerability scanners are ...
      (Pen-Test)
    • Re: Vulnerability scanners dont work
      ... The truth is that vulnerability scanners do contain signatures or scripts that allow them to hunt for certain types of vulnerabilities as well as the specific known vulnerabilities. ... Lets take your www_too_long_auth.nasl script into consideration only because it is the first one that I noticed. ... "The fact is that vulnerability scanners can not detect vulnerabilities unless someone has first identified the vulnerability and created a signature for its detection." ...
      (Pen-Test)
    • Re: Vulnerability Assessment
      ... These are just a few of hundreds of examples of what a vulnerability assessment, IMHO, should be able to addressas required.... ... I agree that Vulnerability scanners can be useful if it is the answer to a ... point as long as you know its not 'point-click-and-ship' and the report is ... Even verification, or ultimate validation, is not necessary if you don't ...
      (Pen-Test)
    • Re: Vulnerability scanners dont work
      ... The truth is that vulnerability scanners do contain signatures or scripts that allow them to hunt for certain types of vulnerabilities as well as the specific known vulnerabilities. ... Lets take your www_too_long_auth.nasl script into consideration only because it is the first one that I noticed. ... "The fact is that vulnerability scanners can not detect vulnerabilities unless someone has first identified the vulnerability and created a signature for its detection." ...
      (Security-Basics)