RE: Know such a web's server tool? -- huh

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 07/22/03

    Date: Tue, 22 Jul 2003 16:33:02 -0400 (EDT)
    To: Bojan Zdrnja <Bojan.Zdrnja@LSS.hr>
    
    

            [SNIP]

    > > okay.... i'll bite ... why does everybody/somebody think that "pen-test"
    > > means to run a port scan w/ nmap/nessus .. etc ..
    >
    > This is exactly the reason why penetration testing isn't only the running of
    > nmap/nessus/iss/whatever, but more importantly - interpretation of results and
    > additional steps taken.
    >
    > Everyone can run tools, but only people who understand things can interpret
    > their results and find additional possible or existing security problems.
    >

    It might be me, but I would identify the above as a vuln audit rather
    than a pen test. I've always viewed a pen test as being more intrusive,
    interactive, and exploit oriented than a port/vuln scan and an interpreted
    report.

    Thanks,

    Ron DuFresne

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!