Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Level of Exploitation
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 4 Dec 2008 10:19:48 -0500

Why is everyone responding to me off-list? I didn't have any questions about this that weren't rhetorical. ;]
On Dec 3, 2008, at 2:57 PM, Goni Sarakinov wrote:

pentestr wrote:
Hi list,

I have come across a situation where I need to specify the "Level of
Exploitation" to the client ( a govt. agency). I was able to do SQL
Injection, Cross Site Scripting attacks against the web application.
Could you share your ideas about level of exploitation. What level we
can give for SQL Injection, Cross site scripting, buffer overflow, TCP
stack exploit,etc

thanks in advance
Pen Testr


I would ask them for a sample of previous reports or a definition
document outlining the various levels that their management has agreed
upon or been told to comply to.


--
Goni.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]