Hi all,
Is penetration testing good or bad?
http://ddj.com/dept/security/18951
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com
This electronic message transmission contains
On Thu, 13 Jul 2006, Gary McGraw wrote:
Hi all,
Is penetration testing good or bad?
http://ddj.com/dept/security/18951
It's great, but penetration testing of the network assesment types is
useless as it takes a picture of what the network look slike TODAY, while
tomorrow it's a
On Thu, Jul 13, 2006 at 07:56:16AM -0400, Gary McGraw wrote:
Is penetration testing good or bad?
http://ddj.com/dept/security/18951
Test coverage is an issue that penetration testers have to deal with,
without a doubt. Pen-tests can never test every possible attack
vector, which means
Excellent post nash. Thanks!
I agree with you for the most part. You have a view of pen testing that
is quite sophisticated (especially compared to the usual drivel). I
agree with you so much that I included pen testing as the third most
important touchpoint in my new book Software Security
Although pentesting isn't perfect, I think in the right scope it has the
potential of acting in a vital role in the development lifecycle of a
project.
Building known attack patterns into a library which can be run against a
codebase has some merrit, as long as you understand what the resulting
