Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Vulnerability Assessment vs. PenTest
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 28 Aug 2006 13:03:05 +0200 (CEST)

Hey pen-testers,

Just a quick contribution to the old VA vs. PT discussion.

On Fri, 4 Aug 2006, James Harless wrote:

Where is the line between a Vulnerability Assessment and a PenTest? In other words, which tests do you run which identifies your assessment as a pentest rather than a VA?

You should check the "Proactive Security Square" by Pete Herzog (OSSTMM's creator). Find it here, along with a brief description of the 7 levels of security tests (starting from page 30):

http://www.satexpo.it/pdf/SatExpo_Satellite_Security.pdf

Finally, i'd like to point out this old post of mine, about testing of attack vectors other than IP:

http://archives.neohapsis.com/archives/sf/pentest/2005-06/0304.html

Hope this helps,

--
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]