Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Small Network Pen Testing
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Sat, 04 Nov 2006 14:28:00 +0100

Rocky wrote:

they wanted me to pen testing their network and i did

1) it is unethical to pen test a network you designed, because you
already know what you will find, you already know the internals, so what
kind of "penetration test" are you doing ?

using purely nmap.

2) Selling an nmap scan as a pen test is even worse than unethical.

Is there any simple and precise method for pen testing
small network?

This process is composed of 2 steps
1) evaluate if a penetration test is really needed (it sounds as it
probably isn't) and then
2) have your customer hire someone else than yourself, who can also in
fact do a penetration test

Sorry for the bluntness.


This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]