Re: Why Penetration Test?

From: Daniel Reynaud-Plantey (reynaud.danyel_at_wanadoo.fr)
Date: 06/11/05

    To: <pen-test@securityfocus.com>
    Date: Sat, 11 Jun 2005 10:35:22 +0200
    
    

    Hello everybody,

    In my mind a pen-test and a vulnerability assessment address different
    problems. The vulnerability assessment should help _define_ the security
    policy of the company/organisation/association and balancing the risk with
    the associated cost. On the other hand, a PT should be considered as a check
    for the _implementation_ of the security policy. *

    And of course a PT depends on the skills of the tester, but if he can't
    break it might have two meanings:
    1/ You're reasonably secure.
    or
    2/ You hired a former clown.

    The PT report should highlight the actions undertaken by the testing team,
    confirming or not option 2.

    Best regards,
    Daniel Reynaud-Plantey

