Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: How to pick the right company for penetration testing?
From: wjnorth <wjnorth () earthlink net>
Date: Fri, 30 Jan 2004 09:36:58 -0800

Hmm...I don't think I said that those tools were penetration testing tools, I do believe I said they were vulnerability scanners, of which one can use to perform pen tests. I think you flamed the wrong person. Thanks for the misdirected correction though, as quite a few people confuse the two. ;-)

-Wes


At 03:51 PM 1/30/2004 +0100, Frederic Charpentier wrote:

 Hi.

 Qualys, Nessus are not a pentest : it's a vulnerability scan.

 Please, don't use  "pentest" to describe these kind of services.

 Fred

On Wed, 28 Jan 2004 15:04:22 -0800
wjnorth <wjnorth () earthlink net> wrote:

> Good catch there. In my opinion one can't rely on a single
> vulnerability scanner, which is why I typically use 2 or 3, Nessus for
> open source then some foo-foo commercial tool to validate and
> invalidate findings. Additionally, depending on what you are testing,
> there are a ton of application level scanners for Database, Web, App
> and such the like. There is no "leader" in any area, at most each tool
> validates the other, I've yet to rely solely on a single tool as the
> end-all-solution.
>
> -Wes
> Sr. Information Security Engineer
>
> At 10:24 AM 1/27/2004 -0500, Eric Greenberg wrote:
> >That's a bold statement "leader in the space." I don't believe there
> >is a single leader in the penetration testing space, there are
> >choices. Answering his question about credentials, information,
> >references might be less subjective.
> >
> >Regards,
> >
> >Eric Greenberg
> >Chief Technical Officer
> >NetFrameworks, Inc.
> >http://www.NetFrameworks.com
> >
> >-----Original Message-----
> >From: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA
> >[mailto:gideon () infostruct net]
> >Sent: Monday, January 26, 2004 9:03 PM
> >To: pen-test () securityfocus com
> >Cc: aoyt78 () dsl pipex com
> >Subject: How to pick the right company for penetration testing?
> >
> >
> >Andy,
> >
> >You should investigate vulnerability scanning services. The leader in
> >the space is Qualys
> >
> > >>>>>>>>>>>>>>>>>>>>> the poster's original question
> >I'm in a position to recommend a company and would like to know, what
> >credentials/information/references should I ask for from a company
> >who offers such services.
> >
> >
> >
> >
> >--------------------------------------------------------------------
> >--------------------------------------------------------------------
> >---------------
> >
> >
> >
> >
> >--------------------------------------------------------------------
> >--------------------------------------------------------------------
> >---------------
> >
> >
> >--------------------------------------------------------------------
> >--------------------------------------------------------------------
> >---------------
>
>
> ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> -------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault