OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Is Pentesting Goal Oriented, or Coverage Oriented?

From: Kevin L. Shaw, CISSP, GCIH (kshaweeenterprisesinc.com)
Date: Mon Oct 05 2009 - 05:35:23 CDT


Your argument is correct in that it assesses vulnerabilities; however
the market/customers I have encountered both commercial and civilian
government consider a vulnerability assessment much less intrusive than
any penetration and insist on knowing which scanner you are using (i.e.
Nessus, Retina). There is much more speculation and no demonstrating a
"found vulnerability" as susceptible to privileged access.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------