jetlib.sec » Penetration Testing » Re: Vulnerability scanning routines - what is overkill.

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• August 28, 2011
• 

  Re: Vulnerability scanning routines - what is overkill.

  Posted: August 28th, 2011, 12:00pm PDT

  Tags:   

  Posted by Duncan Alderson on Aug 28

  Hi Cribbar,
  
  I can see the auditors point but he may not be putting the best case forward.
  
  If the organisation has a good security model in place with patching and hardening, there is still a need to scan the
  whole environment. Look at it as a defence in depth scan. What happens if a rouge device is added to network? A change
  on a device is added that has insecure consequences?
  
  I know there can be other controls in place to stop this...