OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Why Penetration Test?

From: cbc (cboonchinyahoo.com)
Date: Sat Jun 11 2005 - 01:42:39 CDT


Hi All,

My comments on these are:

A pentest which is useful and is able to add value to
a company who pays the service is only if the results
and finding are tally with the goal and expectation
established during the initiation of the exercise.

It is meaningless to judge which scenarios is the best
as if my goal of a pentest is to find as many as
vulnerabilites you can and exploit it, then I will say
scenario C is the best. But if my goal is to find
which vulnerbailities would impact my business most,
then scenario A is a better candidate.

In summary, ensuring a proper goal and expectation is
achieved during the planning stage is very vital. You
will find the evaluation and management process more
manageable by doing so!

Regards,
Boon Chin,
Senior Security Consultant, Singapore

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com