Archive for August, 2010

Penetration Testing: Part 4

Let’s assume that a penetration test has been performed, leaving an organization with a list of vulnerabilities that have been exploited and prioritized recommendations concerning mitigation options. The question now is what the results mean. At face value, the results really serve no purpose other than being a basis for action. If three critical, five moderate- and ten low-severity vulnerabilities have been exploited, an organization should start by patching the critical vulnerabilities, then if resources permit, the medium-severity vulnerabilities, and if resources remain available, then the low-severity ones. Read more…

Categories: Uncategorized Tags: