Re: Penetration Tests

Marcus J. Ranum (mjrnfr.net)
Thu, 25 Sep 1997 18:54:11 +0000

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Bennett Todd: "Re: Penetration Tests"
• Previous message: David Kennedy: "RE: NCSA's RECON Service"
• Maybe in reply to: Adept: "NCSA's RECON Service"
• Next in thread: Brian Mitchell: "Re: Penetration Tests"
• Reply: Brian Mitchell: "Re: Penetration Tests"

> If you have tools, documentation or a template for considerations
> I'd be grateful. This will be part of an overall risk/vulnerability
> audit, which I have no problems with.

A lot of consultants, auditors, and companies that make
scanner software, would consider that to be incredibly
valuable intellectual property. Don't be surprised if you
don't get a lot of information.

An interesting side-effect of the huge market for computer
security products and services is that it's served to
*increase* the secretiveness of security experts. Unfortunately,
what we really need to be doing is the opposite - sharing
information. But, in a lot of cases, it's hard to expect one
to do otherwise because there's a lot of money at stake.

It'll be interesting to see if anyone provides any information
to the list. [Moderator's note: I WILL suppress "me too"
postings in this thread]

mjr.
-----
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
<A HREF=http://www.clark.net/pub/mjr>Personal</A>
<A HREF=http://www.nfr.net>Work</A>
<A HREF=http://www.clark.net/pub/mjr/websec>New Book!!</A>

• Next message: Bennett Todd: "Re: Penetration Tests"
• Previous message: David Kennedy: "RE: NCSA's RECON Service"
• Maybe in reply to: Adept: "NCSA's RECON Service"
• Next in thread: Brian Mitchell: "Re: Penetration Tests"
• Reply: Brian Mitchell: "Re: Penetration Tests"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT