Penetration Testing mailing list archives

Re: Penetration Testing/Vulnerability Assessment

From: SecLists <lists () secure stargate net>
Date: Fri, 7 Sep 2001 19:19:11 -0400 (EDT)

I am in the process of writing Security Guidelines for the Solaris boxes
in my organization and soon after will come guidelines for the other OS's
we use... in my opinion it is almost essential to do a vulnerability
assessment before the pen-test... otherwise how would you know what to
attack?

Also, in my humble opinion, the best security tools out there are open
source and free... there are very few, if any, proprietary tools that are
able to outperform the open source ones... in fact, all of the tools I use
are open source and free... mostly because I feel comfortable with them
but also because my organization is not too keen on spending big bucks on
stuff like that...

all in all, there is no replacement for being intimately familiar with
what you are securing... no tool can provide what sheer knowledge will....

thanks,
shawn

On Fri, 7 Sep 2001, Julias P wrote:

I have been reading about the reponses on "Security Audit" and I have learnt
quite a lot. I am currently working on implementing a security policy for my
organisation, before we hire some security consultant for review.  I think
vulnerability assessment goes hand in hand with penetration testing.

Would one do a vulnerability assessment first and then penetration testing?
Are there any sites I can find out more on penetration testing  and
vulnerability testing. What about free tools I could use for penetration
testing.



PJ

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Penetration Testing/Vulnerability Assessment Julias P (Sep 07)
- Re: Penetration Testing/Vulnerability Assessment SecLists (Sep 10)
- Re: Penetration Testing/Vulnerability Assessment Emre Yildirim (Sep 10)