Live Penetration Testing.

To: debian-security@lists.debian.org
Subject: Live Penetration Testing.
From: Mike Mestnik <cheako@visi.com>
Date: Wed, 21 Oct 2009 02:48:33 -0500
Message-id: <[🔎] fa7b26050910210048l2dbb54e2i29423bf8265a2db4@mail.gmail.com>

Are there any applications or projects to provide this *badly needed
service? I'm willing to assist in using or putting together an nmap
type applications that scans for known vulnerabilities and attempts to
make use of them for security awareness and _,*"prof"*,_ of concept
means.

Rant:
* Too often are PCI compliance testings coming up with false positives
based on server provided version data.  No matter how many times it's
spelled out that "These are to be used by authorized/allowed
applications(to discover usable features or avoid version conflicts)
and not by malicious applications.", there is always some one who is
happy for me to change(With the approval of BOFH) the reported version
to 0.0.0.

Reply to:

Follow-Ups:
- Re: Live Penetration Testing.
  - From: Jonas Andradas <j.andradas@gmail.com>
- Re: Live Penetration Testing.
  - From: matteo filippetto <matteo.filippetto@gmail.com>

Prev by Date: Re: Xpdf Integer overflow
Next by Date: Re: Live Penetration Testing.
Previous by thread: Rebuilding all 100+ r-cran-* packages for R 2.10.0 + security question
Next by thread: Re: Live Penetration Testing.
Index(es):
- Date
- Thread