NFR Wizards Archive: Re: Penetration Tests

Re: Penetration Tests


Brian Mitchell (brianfirehouse.net)
Thu, 25 Sep 1997 19:44:22 -0400 (EDT)


On Thu, 25 Sep 1997, Marcus J. Ranum wrote:

> > If you have tools, documentation or a template for considerations
> > I'd be grateful. This will be part of an overall risk/vulnerability
> > audit, which I have no problems with.
>
> A lot of consultants, auditors, and companies that make
> scanner software, would consider that to be incredibly
> valuable intellectual property. Don't be surprised if you
> don't get a lot of information.
>
> An interesting side-effect of the huge market for computer
> security products and services is that it's served to
> *increase* the secretiveness of security experts. Unfortunately,
> what we really need to be doing is the opposite - sharing
> information. But, in a lot of cases, it's hard to expect one
> to do otherwise because there's a lot of money at stake.
>
> It'll be interesting to see if anyone provides any information
> to the list. [Moderator's note: I WILL suppress "me too"
> postings in this thread]

I'm not sure if it's a big secret. Getting Ballista/ISS quality
penetration testing stuff is not very difficult, merely time-consuming. I
do, however, tend to agree with you about the lack of information, based
primarily on the commercial marketability of the information.

Why give it away if you can sell it :)



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT