Penetration Testing mailing list archives

Re: Penetration Testing Services


From: Todd Hughes <thughes () xdefenders com>
Date: Tue, 03 Aug 2010 07:41:11 -0400

You need to understand the distinction between pen-testing and vulnerability scanning. In simplest terms:

1) Vulnerability scanning (nessus, nmap, etc.) is akin to walking around your facility, jiggling doorknobs and poking your head into the unlocked offices, reporting back which doors are unlocked and which offices have file cabinets in them.

2) Pen-testing is akin to entering your facility without being detected, finding an unlocked door, entering that office, and then gaining access to sensitive documents stored within the locked file cabinet inside that office.

Almost anybody can do #1 but #2 requires a specific skill set.



cribbar wrote:
Penetration Testing Community - I am interested in getting an expert response
to a discussion that keeps raising up in our company.


--
Todd Hughes
Senior Security Analyst
CISA, CISSP
xDefenders, Inc.
1100 Pittsford-Victor Rd.
Pittsford, NY 14534
phone:(585) 385-2770 x7451
fax:(585) 385-3511
thughes () xdefenders com

"Distrust and caution are the parents of security"
--Benjamin Franklin

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------


Current thread: