Penetration Testing mailing list archives

Re: Vulnerability vs. Pen test

From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 26 Apr 2009 08:58:54 -0600

So part of PCI DSS requirements are for a quarterly vulnerability
assessment, and a yearly pentest.  My question is:  is Nessus considered
just a vulnerability scanning app?  Thanks.

James



Thanks for all the feedback on this.  Guess my next question then is what
type of apps does one use to pen test windows boxes and routers and
switches?  I've seen a lot of sql pen test and web pen test stuff here, but
not much for the Windows and router/switches.  Thanks again all.

James



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? 
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. 

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------

Current thread:

Vulnerability vs. Pen test jlay (Apr 23)
- Re: Vulnerability vs. Pen test Ulises2k (Apr 23)
- Re: Vulnerability vs. Pen test Jeffrey Walton (Apr 26)
- RE: Vulnerability vs. Pen test Nick Vaernhoej (Apr 26)
- Re: Vulnerability vs. Pen test R. DuFresne (Apr 26)
- Re: Vulnerability vs. Pen test James Lay (Apr 26)
  - Re: Vulnerability vs. Pen test bartlettNSF (Apr 27)
  - RE: Vulnerability vs. Pen test James W. Beers (Apr 30)