> A good estimate of time for a "Once Over" breaks down like this:
>
> Vulnerability Assessment:
> 20 minutes per host
>
> Penetration Test:
> 1 Hour per host

What is the difference between vuln assessment and pen test? I have not done either but this seems like a highly subjective area to me.

Are you really going to do a vuln assess on a dynamic web site - with all its custom scripts and database connectivity and possibly middleware - in 20 minutes? It sounds like a vuln assess consists of running Nessus or something similar, searching bugtraq archives and possibly throwing in a google search for extra credit.

Even on a workstation it seems like you couldn't get much done in 20 minutes. I don't even see how you could reliably enumerate all the installed software in less than 20 minutes.

TR

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 11:50:13 PDT