[SNIP] > > okay.... i'll bite ... why does everybody/somebody think that "pen-test" > > means to run a port scan w/ nmap/nessus .. etc .. > > Exactly this is the reason why penetration testing isn't only running of > nmap/nessus/iss/whatever, but more important - interpretation of results and > additional steps taken. > > Everyone can run tools, but only people who understand things can interpret > their results and find additional possible or existing security problems. > It might be me, but, I would identify the above as an vuln audit rather then a pen test. I've always viewed a pen test as being more intrusive, interactive, and exploit oriented then a port/vuln scan and an interpreted report. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 15:34:02 PDT