Re: Pen testing techniques

From: v3nd3rs5uck (ntpeck@yahoo.com)
Date: Thu Apr 10 2008 - 16:21:38 EDT


I agree with an earlier reply: don't EVER say they have no vulnerabilities. There are always vulnerabilities; it's whether you and your tools find them or not.

Reading Book: The Manager's Guide to Becoming Great

--- On Wed, 4/9/08, Atif Azim <azim.atif@gmail.com> wrote:

> From: Atif Azim <azim.atif@gmail.com>
> Subject: Pen testing techniques
> To: pen-test@securityfocus.com
> Date: Wednesday, April 9, 2008, 12:48 PM
> Hello,
> I am new to pen testing and am currently involved in doing an external
> pen test for one of our clients. We are doing it through Core Impact.
> Reconnaissance showed only port 80 as open and the web server running
> IIS 6.0. Core Impact did not find any vulnerabilities in the server and
> hence was unable to penetrate. The web application was also tested for
> SQL Injection and PHP remote file inclusion and did not find any
> vulnerabilities there either.
>
> My question is what else can we do besides relying on Core Impact for
> this pen test. And what impression can a client get if we say to them
> that there are no vulnerabilities in your network or web app. It's
> difficult to digest something like that for a security specialist that
> everything's alright.
>
> Looking forward to some great views. Thanks.
>
> Regards,
> Atif Azim


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:30 EDT