The person I had the IM discussion with was Daniel Miessler. He responded in his own blog, and sent me the excerpt below as a response. Thanks for the offline and online comments to far. Certainly an interesting topic to discus! Continue reading Response: Pentesting Coverage
Is a pentest done after you got root? Or is this just the start of finding even more vulnerabilities? In my opinion, a pentest should aim at finding as many vulnerabilities as possible. Continue reading Pentesting: Do you need "coverage" ?
I deal with infrastructure and application security testing on a regular basis. On the infrastructure/network side, the consulting and testing market is much more mature, definition of pentest and vulnerability assessment are industry accepted. It is easy to communicate with other folks about the work involved. On the application side, things are not as well … Continue reading Web application penetration testing VS vulnerability assessment