RE: Email Pen-testing

• Previous message: Michael Richardson: "Re: Email Pen-testing"
• Maybe in reply to: Blake: "Email Pen-testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Rob Shein <shoten@starpower.net>, "R. DuFresne" <dufresne@sysinfo.com>, Kevin <kevin@kevincomputers.com.sg>
Date: Tue, 23 Mar 2004 11:18:13 -0500

Great point. I would also add that at the end of the day, the company
being tested has a very practical assessment of whether they are an
"easy" or "hard" target, (ideally) based on the full range of attack
choices available. It seems though that the bounds of pen testing are
defined more in terms of what the company being tested is willing to
consider correcting, rather than what the tester is able to exploit.

>>>>...You're not looking to resemble reality, and not just because the
reality is a bad bad thing...it's not a level playing field, but that
didn't start when the pen-tester notified the company; it started when
the company hired them and promised not to prosecute them for breaking
in :)

------------------------------------------------------------------------

---
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

• Previous message: Michael Richardson: "Re: Email Pen-testing"
• Maybe in reply to: Blake: "Email Pen-testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]