Re: Why Penetration Test?
From: Daniel Reynaud-Plantey (reynaud.danyel_at_wanadoo.fr)
Date: 06/11/05
- Previous message: Rob Havelt: "Re: Why Penetration Test?"
- In reply to: cbc: "Re: Why Penetration Test?"
- Next in thread: Amit: "Re: Why Penetration Test?"
To: <pen-test@securityfocus.com>
Date: Sat, 11 Jun 2005 10:35:22 +0200
Hello everybody,
In my mind a pen-test and a vulnerability assessment address different
problems. The vulnerability assessment should help in _defining_ the security
policy of the company/organisation/association and balancing the risk with
the associated cost. On the other hand, a PT should be considered as a check
for the _implementation_ of the security policy. *
And of course a PT depends on the skills of the tester, but if he can't
break it, it might have two meanings:
1/ You're reasonably secure.
or
2/ You hired a former clown.
The PT report should highlight the actions undertaken by the testing team,
confirming or not option 2.
Best regards,
Daniel Reynaud-Plantey