Penetration Testing mailing list archives

RE: Pen Test vs. Health Check
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 26 Jan 2004 14:45:24 -0500

A Pen Test is only as good as the testers and is only a 
snapshot. However, a network that has been secured from the 
inside out, with a solid secure foundation, should stand the 
test of time; even if it is compromised, the attacker may not 
be able to roam freely and all their actions should be recorded.

There's another factor, which is the way that a pen-tester becomes engaged
by a weak point.  In an assessment, a vulnerability is noted, and the tester
moves on, but in a pen-test, they engage that vulnerability, and follow it
like the beginning of a path into the network.  Later, they can go back to
the starting point and find another path, but it's still like trying to map
the paths through the woods on foot; it's possible to miss one.  On the
other hand, an assessment is more like mapping them from a low-flying

