Talk:Penetration test

From Wikipedia, the free encyclopedia

Disagree It's not right. Web Application Testing is a subset of Penetration Testing. Some examples are internal penetration testing and wireless penetration testing. —Preceding unsigned comment added by 70.122.41.236 (talk)

I agree. Any means by which someone can gain unauthorized access to a system or confidential information is an exploit. Pen-testing, ideally, should not just examine static open ports and services but do so under operational conditions. Today, an exploit can be temporal, such as a confidential file attachment being sent via a Web-based email client, that would not show up in a conventional static pen-test. —Preceding unsigned comment added by Schratboy (talk • contribs)

Agree - penetration testing of web applications is definitely a component of penetration testing, and the page isn't big enough to warrant standing on its own. njan 15:27, 22 April 2007 (UTC)


I disagree Pen Testing is not limited to Web Application testing.

I agree If Web Application Penetration Testing is a subset of Penetration Testing, simply include whatever is the "main point" as a paragraph in this article. Thomas Yen 16:18, 27 July 2007 (UTC)thomasyen

Not Sure Maybe it would be better to refer to penetration testing in the general capacity and split Network/Infrastructure testing and App testing into two separate articles? —Preceding unsigned comment added by 78.86.194.239 (talk) 10:10, 1 June 2008 (UTC)

External Links

I think I've cleaned up the links to the point where we can remove that "please clean up external links in this article" header. Any complaints? Random name (talk) 09:13, 2 February 2008 (UTC)

Stuff at the end of Methodologies

What is this random methodology supposed to be from?

"Methodology for penetration testing :

  1. port scanning
  2. task to perform for a thorough port scan
  3. system fingerprint
  4. service probing
  5. foot printing"

Is this from one of the methodologies cited in the article? Is it something generic which has been made up by various editors? I'd suggest it either needs to be clearly from one of the methodologies discussed, or it needs removing. Alternatively, maybe it just needs to be described as "the key tasks in a pen testing methodology?" —Preceding unsigned comment added by Random name (talk • contribs) 11:55, 29 February 2008 (UTC)