I think the answer is NO, and even a big NO. As HC mentioned, the synergy a group of qualified pen testers creates, on a mailing list or inside the dark lab, is equal to none.

Personally, I see an automated tool as the entry point to a pen-test. I didn't find a tool that will perform a full SQL injection attack and can guide you how to exploit and secure yourself from it. I did see a group of pen-testers pushing its way up a vulnerable application all the way to private information and SAM files. I can't see an easier and more knowledgeable way to detect a firewall and its ruleset than hping and some good human instinct.

And these are only a few examples where a scanner will show practically nothing and a qualified pen tester can do miracles...

Gaziel Avishay,
Information Risk Management
KPMG Somekh-Chaikin
Tel-972-3-6848606/591

-----Original Message-----
From: Joe McCray [mailto:[EMAIL PROTECTED]]
Sent: ?? 29 ??? 2002 23:23?
To: Security-Basics
Subject: Are Vulnerability Scanning Software putting Ptesters out of business?

I can only speak for my organization - but we have made a big push toward vulnerability scanners (ISS, Nessus, STAT, and other similar scanners). I'm someone that is interested in becoming a consultant that does Penetration testing (obviously not now - I mean in a few more years as I get more experience). I'm wondering if other organizations are moving toward regular vulnerability scanning, and what effect that is having on consultants that do penetration testing?

Joe McCray
CCNA, Windows 2000 MCSE
www.hardestworkingmanonline.com
