Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Small Network Pen Testing
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Sat, 04 Nov 2006 14:28:00 +0100

Rocky wrote:

they wanted me to pen testing their network and i did

1) it is unethical to pen test a network you designed, because you
already know what you will find, you already know the internals, so what
kind of "penetration test" are you doing ?

using purely nmap.

2) Selling an nmap scan as a pen test is even worse than unethical.

Is there any simple and precise method for pen testing
small network?

This process is composed of 2 steps
1) evaluate if a penetration test is really needed (it sounds as it
probably isn't) and then
2) have your customer hire someone else than yourself, who can also in
fact do a penetration test

Sorry for the bluntness.

Stefano

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]