I am in the process of writing Security Guidelines for the Solaris boxes in my organization and soon after will come guidelines for the other OS's we use... in my opinion it is almost essential to do a vulnerability assessment before the pen-test... otherwise how would you know what to attack? Also, in my humble opinion, the best security tools out there are open source and free... there are very few, if any, proprietary tools that are able to outperform the open source ones... in fact, all of the tools I use are open source and free... mostly because I feel comfortable with them but also because my organization is not too keen on spending big bucks on stuff like that... all in all, there is no replacement for being intimately familiar with what you are securing... no tool can provide what sheer knowledge will.... thanks, shawn On Fri, 7 Sep 2001, Julias P wrote: > I have been reading about the reponses on "Security Audit" and I have learnt > quite a lot. I am currently working on implementing a security policy for my > organisation, before we hire some security consultant for review. I think > vulnerability assessment goes hand in hand with penetration testing. > > Would one do a vulnerability assessment first and then penetration testing? > Are there any sites I can find out more on penetration testing and > vulnerability testing. What about free tools I could use for penetration > testing. > > > > PJ > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 07:50:48 PDT