
Penetration Testing mailing list archives

Re: Pen Test vs. Health Check
From: danielrm26 <danielrm26 () yahoo com>
Date: Tue, 27 Jan 2004 06:24:07 -0500

I am by no means an expert in this subject, but it seems to me that one major difference between a pen-test and a vulnerability assessment is that the pen-test is designed to come from a cracker's perspective, and the tester is encouraged to actually attempt to enter systems using real exploits. In a vulnerability assessment, on the other hand, the touch seems to be lighter -- with the focus being on a report of the various areas that need improvement. An illustration:

Pen-Test Guy: "Look what I could have done to your network." // more inflammatory

Vulnerability Assessment Guy: "Here are some areas you need to work on." // more academic

In short, pen-tests are more cutting edge and sexier. They are asked for when the company is *very* serious about their security and has a vested interest in knowing what an attacker could potentially do on their network from the outside. I should also note that I think that the pen-test requires quite a bit more skill than a vulnerability assessment. I, for example, could probably do a decent vulnerability assessment for a small to medium-sized company, but I don't feel my skills are far enough along to do pen-testing yet.



