Penetration Testing or Vulnerability Scanning?

From: Rizwan Ali Khan (rizwanalikhan74@yahoo.com)
Date: Fri Mar 07 2003 - 01:07:35 EST


When usually we talk about penetration testing tools,
people mosly
refer to Vulnerability Scanners like iss, typhon,
nessus, cybercop etc.

However penetration testing tools are those who
penetrate as well, the
above scanners do not do that.

One needs to have a working version of SSH exploit for

the SSH
vulnerability detected by the vulnerability scanner,
so is it necessary for
penetration tester to have access to the latest of
underground exploit? or
could all this be done in an ethical manner too?

please guide I am so confused between two of these
methodologies.

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:30 EDT