I have had numerous conversations with people on the reviewing of web server logs and with that comes many different ideas on the importance of web server logs. For marketing staff it is of course web analytics, for network/system staff it is for determining why the site is not displaying images, and of course for security persons it is much more.
What do you review your web server logs for.
Over the past few months I have heard a large amount of people talking about Risk Assessment, Vulnerability Assessment, and Penetration Testing, however each one of them presents each of these topics differently.
What is a Risk Assessment versus a Vulnernability Assessment versus a Penetration Test?
Instead of posting what I think they mean, please add a comment as to what you think they are. In a couple of days I will summarize what readers thought and add in my thoughts.
