Is a pentest done after you got root? Or is this just the start of finding even more vulnerabilities? In my opinion, a pentest should aim at finding as many vulnerabilities as possible. Continue reading Pentesting: Do you need "coverage" ?
I deal with infrastructure and application security testing on a regular basis. On the infrastructure/network side, the consulting and testing market is much more mature, definition of pentest and vulnerability assessment are industry accepted. It is easy to communicate with other folks about the work involved. On the application side, things are not as well … Continue reading Web application penetration testing VS vulnerability assessment