I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.
Even the potential threat wank they add to low severity stuff is ridiculous.
Finding: device responding to ping requests.
Severity: Low.
Threat: Using timing attacks and response analysis, an attacker could derive the device's operating system.
The hacker might shame you for using Windows Server on a public forum!
/s