Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pen Test vs. Health Check
From: "Clint Bodungen" <clint () secureconsulting com>
Date: Wed, 28 Jan 2004 10:41:02 -0600

-danielrm26 wrote:

Your methodical analysis is flawless, with one exception -- *it doesn't
represent reality*.  Whether it's true or not from an academic
standpoint, anyone in the field knows that vunl assessments and
pen-tests are very distinct from eachother.  But yes, you bring good
points. It's just that, as you noted, *should* and *is* are two
completely different animals.

I agree, it doesn't represent reality because many in the field _don't_ view
it this way (the fundamental distinctions and the benefits of using them
together.) I didn't mean for my statement to sound definitive.  I was,
actually, trying to point out those fundamental distinctions and hopefully
provide another insight to the thread: That, instead of taking a "one or the
other" approach, they *should* be used together in a complete professional
project/package.  In fact, I've found that when you provide them together
and "embed" the pen-test in the vuln-assessment, the language and general
undertone of the "vulnerability assessment." tends to even out the client
uncertainties associated with the term "penetration testing" alone.  It
helps present it in a more professional manner, the client feels more
comfortable, the job is done *right*, and you get more "bill time" ;-)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]