I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.

  • slazer2au
    162 months ago

    Even the potential threat wank they add to low severity stuff is ridiculous.

    Finding: device responding to ping requests.
    Severity: Low.
    Threat: Using timing attacks and response analysis, an attacker could derive the device's operating system.

    • exu
      102 months ago

      The hacker might shame you for using Windows Server on a public forum!

      /s