Vulnerability scanning and penetration testing are largely confused with each other, and differ in a couple of different ways. One, penetration testing does indeed usually seek to "bust root" on a server or network from the outside. Vulnerability scanning doesn't go this far, but instead seeks to enumerate all possible vulnerabilities related to configuration (including what the firewall lets through) and _known_ weaknesses in software. Penetration testing is almost always done from outside a network, as a hacker would likely be, while vulnerability scanning is often done locally as well as remotely. As for tools, vulnerability scanning usually relies heavily on one or more tools that scan for many different things, while pen-testing usually uses any of the numerous more specialized tools (like buffer overflow exploit code, for example), and you never know what tools you're going to use until you're done. It's a bit like a car mechanic going into work...he doesn't know what cars he's going to see that day yet, or what needs to be done to them, so he doesn't know what tools he'll use for the most part. He'll almost assuredly be using a socket wrench (or nmap), but he might not be needing his special-use spanner (or fragroute).

Finally, there's nothing unethical in and of itself about using exploit code. The ethics are about HOW you use it, and WHY. If your client is fully aware that you are going to break in, and they are comfortable with the potential downtime resulting from a buffer overflow, for example, then it's not much of a problem. If you surprise them by taking a box or service down accidentally though, without having let them know that it might happen (and without planning for this possibility), then that's not so good.

> -----Original Message-----
> From: Rizwan Ali Khan [mailto:rizwanalikhan74at_private]
> Sent: Friday, March 07, 2003 1:08 AM
> To: pen-testat_private
> Subject: Penetration Testing or Vulnerability Scanning?
>
> When we usually talk about penetration testing tools, people mostly
> refer to Vulnerability Scanners like iss, typhon, nessus, cybercop etc.
>
> However, penetration testing tools are those that penetrate as well; the
> above scanners do not do that.
>
> One needs to have a working version of an SSH exploit for the SSH
> vulnerability detected by the vulnerability scanner, so is it necessary for
> a penetration tester to have access to the latest underground exploits? Or
> could all this be done in an ethical manner too?
>
> Please guide me; I am so confused between these two methodologies.
This archive was generated by hypermail 2b30 : Sun Mar 09 2003 - 10:03:28 PST