That's what we do for our customers here. We scan with Nessus, but provide a shortlist of the real dangerous low hanging fruit and we poke around a bit, and do a conference call where we show them what the problem is. Warm regards, Stu
From: Ziots, Edward [mailto:[email protected]] Sent: Monday, March 05, 2012 8:36 AM To: NT System Admin Issues Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues Thanks, I am glad I am not the only one. Now if someone followed the Penetration test Execution Standard, and did a real Pen test and validated the business risks, then I would be impressed, so back to chewing through this Qualys scan and making heads or tails of what needs to be fixed and what isn't a big risk. Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> From: Alan Davies [mailto:[email protected]] Sent: Monday, March 05, 2012 8:25 AM To: NT System Admin Issues Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues You pays for what you gets ... even reports of actions that go beyond VA into PT still aren't a proper PT engagement if they're not in a meaningful report, written in English! Having said that, sometimes you just want to know if something can be broken and do the rest yourself. Rarely though .. I have 1better things to do with my time than translating someone else's results into an Exec Summary and business context specific findings Rant welcome :o) a ________________________________ From: Ziots, Edward [mailto:[email protected]] Sent: 05 March 2012 13:12 To: NT System Admin Issues Subject: Vulnerability scanning, and calling it a Pen test the rant continues Not sure if anyone on the list is responsible for Vul Scanning in their organizations/business or Pen testing there systems, but it still blows my mind that we have folks out there providing services to organizations and business calling the output from a Qualys or Nessus vulnerability scanner a Pen-test. I am current been going through someone else work for about 1.5 weeks validating the scanners findings on the systems, so I can get working on slimming down a 225 page report to something that is realistic and achievable. Sorry about the rant, it isn't how I wanted to start my Monday morning. Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
