Re: Pen Test Success Factors



You could always offer fixing the exploits and vulnerabilities. That would truly be a great success factor they would love. You could indeed generate a full report of all events that took place with custom comments to IT staff/administrators pointing out problems, suggestions, and common feedback. Also, you might want to expand your findings with the additional testing of odd behaviors or functionalities by testing for SSL and changing HTTPS protocols to boost your results and raise the customers' confidence, and of course security. Also, you should, if you have not already, test for logical flaws, which have to be done manually and explained thoroughly, and can be quite effective, and is almost exactly what the customers want to hear, because of the non-technical terms involved to demonstrate or explain the attack(s). You should also explain that every bit of exploit or vulnerability is important. Don't let them justify that XSS isn't serious (which most companies do). Explain to them that every bit of information assembled is indeed quality for an attacker. Also, you should speak with the CTO or the IT staff so that they can better understand your concerns, as most business owners just don't, because of the lack of security information and what is normally embedded.

-Yousif Yalda
-Security Consultant
-Http://Vapt-Sec.Com
-Http://YousifYalda.BlogSpot.Com



