Re: Cross testing exploit with vulnerability scan results
- From: "jussi jaakonaho" <jussi@xxxxxxxxxxxxxxxx>
- Date: Sun, 29 Jul 2007 13:15:51 +0300
On 7/29/07, Anders Thulin <anders.thulin@xxxxxxxxx> wrote:
(This is why computer penetration testing ultimately is a dead end.
Security can't rely on penetration testing for anything but reports
of bad security.)
-yup.
pentests can tell client only like "your security sucks or we are
unsure" if used for assurance on security. it can used for eyeopener
(if those still are needed). testing insicent&response processes,
monitoring function etc.
the "sucks" part is due to being able to getting in and deleting all
things from db, the "we are unsure" part is when you have all claims
that during this timeframe, with available information, exploits,
skills etc etc.
_jussi
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- Cross testing exploit with vulnerability scan results
- From: Chroot
- Re: Cross testing exploit with vulnerability scan results
- From: Anders Thulin
- Cross testing exploit with vulnerability scan results
- Prev by Date: Re: Basic facilities required to establish a pen test lab
- Next by Date: RE: Basic facilities required to establish a pen test lab
- Previous by thread: Re: Cross testing exploit with vulnerability scan results
- Next by thread: SAS 70
- Index(es):
Relevant Pages
|
|
