On 2014-06-10 05:37, Edward Ned Harvey (lopser) wrote:
From: [email protected] [mailto:discuss-
[email protected]] On Behalf Of Evan Pettrey

To me this seems like sitting to take a test and having a cheatsheet. The IPs
and DNS records should be easy enough to figure out on their own and the
network map I don't believe should be provided.

The argument, "the pentester should have to work for this information," just means 
"I want to pay the pentester for more hours, while they perform exhaustive scans of 
everything," as long as they're discovering publicly discoverable information.

But, it will also highlight what is easily discoverable. This might affect how the report is received. Saying it took the pentest guys less than an hour to discover our DMZ topology will have a bigger impact than being an item on a long list of things to do, which PMs love to prioritize and shorten.

--
Yves.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
