Ryan Permeh wrote:

> as a side, it occurs to me to ask the following of this group:
>
> what level of penetration do you perform in an average test? do you
> penetrate completely? use this to leverage access across a network?

Depends on the level of service commissioned. Our entry-level service (Level 1 Interrogate) is purely a vulnerability scan; we enumerate /possible/ vulnerabilities (taking great care to try to avoid both false positives and negatives) and report on them and how they may be used to gain further access.

Our premium service (Infiltrate) is (virtually) "no holds barred" penetration testing. We allow both classes of customers to rule some actions out of bounds, such as DoS (even though it may be necessary for spoofing attacks used in Infiltrate).

Essentially, we consider Interrogate to be a "breadth-first" search for vulnerabilities, whilst Infiltrate is a "depth-first" search and we'll try to get as deep as we can.

> what
> "trophy" do you use to prove access?

The minimum necessary. If \BOOT.INI proves our point, that'll do. No need to drag (potentially) sensitive material unencrypted across the Internet...

> How do you spell out your level of
> penetration to your customers?

We charge more for Infiltrate. :)

> do they understand the difference between
> "vulnerability assessment" and penetration analysis?

Hopefully. :)

> just curious how everyone else chooses to do this....

> Signed,
> Ryan Permeh
> eEye Digital Security Team

Best Regards,
Alex.
--
Alex Butcher
Consultant, S3 Systems Security Services
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp
PGP/GnuPG Key IDs:
alex@s3 B7709088
alex.butcher@ 885BA6CE

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service, which automatically alerts you to the latest security vulnerabilities, please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 15:56:48 PDT