Pen testing techniques
- From: "Atif Azim" <azim.atif@xxxxxxxxx>
- Date: Thu, 10 Apr 2008 00:48:47 +0500
Hello,
I am new to pen testing and am currently involved in doing an external
pen test for one of our clients.We are doing it through Core
Impact.Reconnaisance showed only port 80 as open and the web server
running IIS 6.0.Core Impact did not find any vulnerabilities in the
server and hence was unable to penetrate.The web application was also
tested for SQL Injection and PHP remote file inclusion and did not
find any vulnerabilities there either.
My question is what else can we do besides relying on Core Impact for
this pen test.And what impression can a client get if we say to them
that there are no vulnerabilites in your network or web app.Its
dificult to digest something like that for a security specialist that
everythings alright.
Looking forward to some great views.Thanks.
Regards,
Atif Azim
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- Follow-Ups:
- Re: Pen testing techniques
- From: v3nd3rs5uck
- Re: Pen testing techniques
- From: Rafael Nuñez
- get MD5-Hash from /etc/shadow file
- From: markus sesser
- Re: Pen testing techniques
- From: intel96
- Re: Pen testing techniques
- From: Jason
- Re: Pen testing techniques
- From: Nathan Sportsman
- RE: Pen testing techniques
- From: Shenk, Jerry A
- Re: Pen testing techniques
- Prev by Date: Re: Microsoft RDP Priv. Escalation
- Next by Date: RE: Pen testing techniques
- Previous by thread: [Tool Update] SSA version 1.6 beta 1 released
- Next by thread: RE: Pen testing techniques
- Index(es):
Relevant Pages
|
|
