
RE: Know such a web's server tool? -- huh

From: intel96 <intel96(at)bellsouth.net>
Date: Mon Jul 21 2003 - 17:28:26 EDT


>Exactly this is the reason why penetration testing isn't only running of
>nmap/nessus/iss/whatever, but more important - interpretation of results and
>additional steps taken.

>Everyone can run tools, but only people who understand things can interpret
> their results and find additional possible or existing security problems.

The problem is finding people that really can interpret the results from many of the tools used. I have seen people run tools like ISS and drop a report of 1000+ pages on a desk. When asked what the report means, I always get the "deer in the headlights look." In addition, several of the tools (ISS, Retina, etc.) still have false positives that must be uncovered through interpretation of the results and some old-fashioned manual testing. There is still no tool that can replace the best tool of all, which is the human brain...

Regards,

intel96

-----Original Message-----
From: Bojan Zdrnja [mailto:Bojan.Zdrnja@LSS.hr]
Sent: Monday, July 21, 2003 6:13 PM
To: 'Alvin Oga'; 'Paul Vet'
Cc: 'MARTIN M. Bénoni'; pen-test@securityfocus.com
Subject: RE: Know such a web's server tool? -- huh

> -----Original Message-----

Exactly this is the reason why penetration testing isn't only running of nmap/nessus/iss/whatever, but more important - interpretation of results and additional steps taken.


Everyone can run tools, but only people who understand things can interpret their results and find additional possible or existing security problems.

Regards,

Bojan Zdrnja





Received on Tue Jul 22 18:59:33 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:40 EDT

