jetlib.sec » Penetration Testing » Re: Vulnerability scanning routines - what is overkill.

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• September 16, 2011
• 

  Re: Vulnerability scanning routines - what is overkill.

  Posted: September 16th, 2011, 9:59pm PDT

  Tags:   

  Posted by Marco Ivaldi on Sep 16

  Not to mention the fact that the best (only?) way to verify that the security
  model in place is indeed "good" or at least "good enough" is to perform a
  thorough operational security audit [1]. Otherwise you're just guessing at
  best.
  
  Agreed. That's why the focus should be shifted from threats to operations.
  
  [1] See the OSSTMM 3, available at www.osstmm.org.