Re: Using 0days as part of pen-test?
From: Pete Herzog <lists () isecom org>
Date: Thu, 15 Jan 2009 17:27:55 +0100

My point exactly. I agree with you completely. The blackbox model for
pen testing is flawed if it is applied to anything not proprietary and
completely new.
-pete.
Oliver Schad wrote:
I don't understand something: Why should you test a blackbox, why
shouldn't you get all information except user accounts? You don't know
the knowledge of all attackers around the world about this specific
network. You should assume, there is somebody who knows everything,
should you?
I mean, why should I choose as a tester a role of an attacker who knows
nothing about the network if there is somebody in this world who could
attack this network with all knowledge he needs?