SJConsultant
2[H]4U
- Joined
- Jan 14, 2004
- Messages
- 3,599
One of our clients will be having such an audit performed, however , in my opinion, the amount and type of of information requested by the pen testing company far exceeds that of what an attacker would normally have available. I'd think that any company who is performing a pen test would perform the necessary reconnaissance activities to discover the environment.
When a 3rd party company is going to perform a security audit or penetration test, how much information do they typically ask or require prior to performing such an audit? How much information is too much?
When a 3rd party company is going to perform a security audit or penetration test, how much information do they typically ask or require prior to performing such an audit? How much information is too much?