Full Disclosure: Penetration Testing or Vulnerability Scanning?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Penetration Testing or Vulnerability Scanning?

From: Rizwan Ali Khan <rizwanalikhan74 () yahoo com>
Date: Sun, 2 Mar 2003 01:10:31 -0800 (PST)

When usually we talk about penetration testing tools,
people mosly 
refer to Vulnerability Scanners like iss, typhon,
nessus, cybercop etc.

However penetration testing tools are those who
penetrate as well, the 
above scanners do not do that.

One needs to have a working version of SSH exploit for
the SSH 
vulnerability detected by the vulnerability scanner,
so is it necessary for 
penetration tester to have access to the latest of
underground exploit? or 
could all this be done in an ethical manner too?

please guide I am so confused between two of these
methodologies.



__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Penetration Testing or Vulnerability Scanning? Rizwan Ali Khan (Mar 02)
- Re: Penetration Testing or Vulnerability Scanning? Etaoin Shrdlu (Mar 02)
  - Re: Penetration Testing or Vulnerability Scanning? aeonflux (Mar 02)
- <Possible follow-ups>
- Penetration Testing or Vulnerability Scanning? Rizwan Ali Khan (Mar 02)
  - Re: Penetration Testing or Vulnerability Scanning? hellNbak (Mar 02)