Re: Penetration Testing/Vulnerability Assessment

From: SecLists (listsat_private)
Date: Fri Sep 07 2001 - 16:19:11 PDT

Next message: bacano: "Re: Security Audit"

Previous message: Matthew Leeds: "Re: commandline port-scanner for NT ?"
In reply to: Julias P: "Penetration Testing/Vulnerability Assessment"
Next in thread: Emre Yildirim: "Re: Penetration Testing/Vulnerability Assessment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am in the process of writing Security Guidelines for the Solaris boxes
in my organization and soon after will come guidelines for the other OS's
we use... in my opinion it is almost essential to do a vulnerability
assessment before the pen-test... otherwise how would you know what to
attack?

Also, in my humble opinion, the best security tools out there are open
source and free... there are very few, if any, proprietary tools that are
able to outperform the open source ones... in fact, all of the tools I use
are open source and free... mostly because I feel comfortable with them
but also because my organization is not too keen on spending big bucks on
stuff like that...

all in all, there is no replacement for being intimately familiar with
what you are securing... no tool can provide what sheer knowledge will....

thanks,
shawn

On Fri, 7 Sep 2001, Julias P wrote:

> I have been reading about the reponses on "Security Audit" and I have learnt
> quite a lot. I am currently working on implementing a security policy for my
> organisation, before we hire some security consultant for review.  I think
> vulnerability assessment goes hand in hand with penetration testing.
>
> Would one do a vulnerability assessment first and then penetration testing?
> Are there any sites I can find out more on penetration testing  and
> vulnerability testing. What about free tools I could use for penetration
> testing.
>
>
>
> PJ
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: bacano: "Re: Security Audit"
Previous message: Matthew Leeds: "Re: commandline port-scanner for NT ?"
In reply to: Julias P: "Penetration Testing/Vulnerability Assessment"
Next in thread: Emre Yildirim: "Re: Penetration Testing/Vulnerability Assessment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 07:50:48 PDT