From: Dr David Scholefield (david@port80.com)
Date: Tue Aug 15 2006 - 04:38:56 EDT
This is surely the difference between a penetration test and a
vulnerability scan?
A penetration tests is designed to map out the likely extent of
vulnerabilities found
by going a step deeper (without disrupting service). A vulnerability
scan lists
'surface' vulnerability discoveries and moves on!
david scholefield
www.port80.com
On 14 Aug 2006, at 15:44, steven@lovebug.org wrote:
> Hello,
>
> To use this to the maximum and fully realize your potential here is
> what
> you do.
>
> 1) Find the e-mail address for the owner of the website/webpage.
> 2) Compose an e-mail to them detailing what you found.
> 3) Press send.
>
> Then you are done and you have fully realized your potential.
>
> Steven
>
>> hello,
>>
>> I managed to find a website prone to xss, this might sound stupid,
>> but
>> whats next ??? how can i use it to the maximum ??? i managed to pass
>> javascript to a jspz arguments.....but I really can't c how much
>> potential i have now???
>>
>>
>> thx alot
>>
>> ---------------------------------------------------------------------
>> ---------
>> This List Sponsored by: Cenzic
>>
>> Concerned about Web Application Security?
>> Why not go with the #1 solution - Cenzic, the only one to win the
>> Analyst's
>> Choice Award from eWeek. As attacks through web applications
>> continue to
>> rise,
>> you need to proactively protect your applications from hackers.
>> Cenzic has
>> the
>> most comprehensive solutions to meet your application security
>> penetration
>> testing and vulnerability management needs. You have an option to
>> go with
>> a
>> managed service (Cenzic ClickToSecure) or an enterprise software
>> (Cenzic Hailstorm). Download FREE whitepaper on how a managed
>> service can
>> help you: http://www.cenzic.com/news_events/wpappsec.php
>> And, now for a limited time we can do a FREE audit for you to
>> confirm your
>> results from other product. Contact us at request@cenzic.com for
>> details.
>> ---------------------------------------------------------------------
>> ---------
>>
>>
>
>
>
> ----------------------------------------------------------------------
> --------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the
> Analyst's
> Choice Award from eWeek. As attacks through web applications
> continue to rise,
> you need to proactively protect your applications from hackers.
> Cenzic has the
> most comprehensive solutions to meet your application security
> penetration
> testing and vulnerability management needs. You have an option to
> go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed
> service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to
> confirm your
> results from other product. Contact us at request@cenzic.com for
> details.
> ----------------------------------------------------------------------
> --------
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:43 EDT