RE: Know such a web's server tool? -- huh

From: R. DuFresne (dufresne@sysinfo.com)
Date: Tue Jul 22 2003 - 16:33:02 EDT


        [SNIP]

> > okay.... i'll bite ... why does everybody/somebody think that "pen-test"
> > means to run a port scan w/ nmap/nessus .. etc ..
>
> Exactly this is the reason why penetration testing isn't only running of
> nmap/nessus/iss/whatever, but more important - interpretation of results and
> additional steps taken.
>
> Everyone can run tools, but only people who understand things can interpret
> their results and find additional possible or existing security problems.
>

It might be me, but, I would identify the above as an vuln audit rather
then a pen test. I've always viewed a pen test as being more intrusive,
interactive, and exploit oriented then a port/vuln scan and an interpreted
report.

Thanks,

Ron DuFresne

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
---------------------------------------------------------------------------
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT