Re: PenTest Checklist

From: Alessandro (a.bottonelli_at_infinito.it)
Date: 01/08/04

Next message: Mike: "RE: Spyware drama!"

Previous message: Camila Lui: "Re: detecting rootkits"
In reply to: J. Yoon: "PenTest Checklist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: security-basics@securityfocus.com
Date: Thu, 8 Jan 2004 17:41:20 +0100

On Tuesday 06 January 2004 17:07, you wrote:
> Here's a quick summary here from various sources for your review...
>
> B - Goals
> recognize best practices
> recognize business risks
> privacy issues both internal and external
>
I don't see (but that could be just me) anything in your checklist that can
lead to recognizing business risks and privacy issues.

If Risk = Vulnerabilities x Threats x Damage then a pen-test does a great job
in measuring Vulnerabilities. I need other kind of assessments to measure the
other two factors in the formula.

My 2 Eurocents :-) worth...

-- 
Alessandro Bottonelli
www.axis-net.it
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------

Next message: Mike: "RE: Spyware drama!"

Previous message: Camila Lui: "Re: detecting rootkits"
In reply to: J. Yoon: "PenTest Checklist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]