I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    3 months ago

    Even the potential threat wank they add to low severity stuff is ridiculous.

    Finding: device responding to ping requests.
    Severity: Low.
    Threat: Using timing attacks and response analysis an attacker could derived the devices operating system.

    • exuA
      link
      fedilink
      English
      arrow-up
      10
      ·
      3 months ago

      The hacker might shame you for using Windows Server on a public forum!

      /s