is Pentesting now just about running tools like Nessus and creating a report based on it ? and not actually exploiting anything on your own based on the Agreement ?
Asked
Active
Viewed 212 times
2 Answers
2
In my conception, what you described can be called vulnerability assessment, which consists of finding out possible points of penetration in the system. It is greatly enhanced by automated tools due to the volume of tests it can process in no time. It should be noticed, though, that vulnerability assessments are not perfect and, usually, require manual assist from the operator.
Penetration test, on the other hand, is more than just it. It deals with actually get access to the system by exploiting the vulnerabilities available. Moreover, it can use non-digital methods, such as social engineering. In penetration testing, it is required great manual effort from the operator.
tl;dr: No. Penetration testing is not just running automated tools.
Matheus Portela
- 281
- 1
- 4
1
I'm not sure there is an answer to this question. Each pentester has his/her way of doing things, and your statement which reduces the entire industry to a printer plugged to Nessus should probably be substantiated a little better.
executifs
- 4,772
- 4
- 23
- 25