Comments on: Hands On: Ep 9 – Penetration Testing http://webstudio.ciopakistan.com/2009/04/09/hands-on-ep-9-penetration-testing/ Pakistan's first Online, On-Demand Technology Media Channel Sun, 18 Dec 2011 02:47:03 +0000 hourly 1 http://wordpress.org/?v=3.0 By: kamran http://webstudio.ciopakistan.com/2009/04/09/hands-on-ep-9-penetration-testing/comment-page-1/#comment-7981 kamran Sun, 07 Nov 2010 05:59:11 +0000 http://webstudio.ciopakistan.com/?p=1136#comment-7981 Good Initiative, Talha<div class="comment-remix-meta"><a href="#" class="replyto" onclick="replyto('7981','kamran'); return false;">Reply</a> </div> Good Initiative, Talha
Reply
]]> By: talha http://webstudio.ciopakistan.com/2009/04/09/hands-on-ep-9-penetration-testing/comment-page-1/#comment-517 talha Tue, 14 Apr 2009 23:42:41 +0000 http://webstudio.ciopakistan.com/?p=1136#comment-517 @Qazi, Thanks for mentioning and I agree with you. Although there is a difference, but I just wanted to keep it simpler for audience. There are many suites of automated tools and online services available that deal with both at same time. And as a PCI Auditor, I also deal with both at same time and the official term we use for both is "Network Scanning".<div class="comment-remix-meta"><a href="#" class="replyto" onclick="replyto('517','talha'); return false;">Reply</a> </div> @Qazi,

Thanks for mentioning and I agree with you. Although there is a difference, but I just wanted to keep it simpler for audience.

There are many suites of automated tools and online services available that deal with both at same time. And as a PCI Auditor, I also deal with both at same time and the official term we use for both is “Network Scanning”.

Reply
]]> By: Qazi Ahmed http://webstudio.ciopakistan.com/2009/04/09/hands-on-ep-9-penetration-testing/comment-page-1/#comment-512 Qazi Ahmed Mon, 13 Apr 2009 21:21:31 +0000 http://webstudio.ciopakistan.com/?p=1136#comment-512 What you have posted here is Vulnerability Assessment and not Penetration Testing and yes, there is a huge difference in both. Nessus is a vulnerability scanning tool which only identifies "possible" security vulnerabilities (with a hell lot of false +/-). Vulnerability Assessment checks for the visible/obvious security issues but Penetration Testing goes further and not only identifies security vulnerabilities but also exploits them to demonstrate an actual hacker attack and includes steps such as footprinting, scanning, enumeration, sniffing, packet inspection, password cracking, bufferover flow attacks, exploitation, backdoor, denial of service, erase logs, patch and report to name a few activities.<div class="comment-remix-meta"><a href="#" class="replyto" onclick="replyto('512','Qazi Ahmed'); return false;">Reply</a> </div> What you have posted here is Vulnerability Assessment and not Penetration Testing and yes, there is a huge difference in both.

Nessus is a vulnerability scanning tool which only identifies “possible” security vulnerabilities (with a hell lot of false +/-).

Vulnerability Assessment checks for the visible/obvious security issues but Penetration Testing goes further and not only identifies security vulnerabilities but also exploits them to demonstrate an actual hacker attack and includes steps such as footprinting, scanning, enumeration, sniffing, packet inspection, password cracking, bufferover flow attacks, exploitation, backdoor, denial of service, erase logs, patch and report to name a few activities.

Reply
]]>