RE: [SC-L] ddj: beyond the badnessometer

2006-07-14 Thread Arian J. Evans
derstanding of architecture, dev/design goals, etc. Hmmm. That's what I'm guessing Gary means, and surely that sun is slowly setting. -ae p.s. - Nash, when I first read your post, I thought p2 started with "Pen tests are highly addictive". Then I re-read. > -----Origina

Re: [SC-L] ddj: beyond the badnessometer

2006-07-14 Thread Gadi Evron
On Fri, 14 Jul 2006, Daniele Muscetta wrote: > On 7/13/06, Gary McGraw <[EMAIL PROTECTED]> wrote: > > > > 3) never use the results of a pen test as a "punch list" to attain > > security > > > > > You are right, but very sadly, that's how it gets used by a lot of > companies > "hey, the pen te

Re: [SC-L] ddj: beyond the badnessometer

2006-07-14 Thread Daniele Muscetta
On 7/13/06, Gary McGraw <[EMAIL PROTECTED]> wrote: > 3) never use the results of a pen test as a "punch list" to attain security You are right, but very sadly, that's how it gets used by a lot of companies "hey, the pen testers found problem 1, 2, 3 - we fix those, we are fine". No way. But still...

RE: [SC-L] ddj: beyond the badnessometer

2006-07-13 Thread Dana Epp
tools in the arsenal to help. Regards, Dana Epp [Microsoft Security MVP] http://silverstr.ufies.org/blog/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary McGraw Sent: Thursday, July 13, 2006 8:05 AM To: Nash Cc: Secure Coding Mailing List Subj

RE: [SC-L] ddj: beyond the badnessometer

2006-07-13 Thread Gary McGraw
Excellent post nash. Thanks! I agree with you for the most part. You have a view of pen testing that is quite sophisticated (especially compared to the usual drivel). I agree with you so much that I included pen testing as the third most important touchpoint in my new book "Software Security" w

Re: [SC-L] ddj: beyond the badnessometer

2006-07-13 Thread Nash
On Thu, Jul 13, 2006 at 07:56:16AM -0400, Gary McGraw wrote: > > Is penetration testing good or bad? > http://ddj.com/dept/security/18951 Test coverage is an issue that penetration testers have to deal with, without a doubt. Pen-tests can never test every possible attack vector, which means

Re: [SC-L] ddj: beyond the badnessometer

2006-07-13 Thread Gadi Evron
On Thu, 13 Jul 2006, Gary McGraw wrote: > Hi all, > > Is penetration testing good or bad? > > http://ddj.com/dept/security/18951 It's great, but "penetration testing" of the network assessment types is useless as it takes a picture of what the network looks like TODAY, while tomorrow it's a d

[SC-L] ddj: beyond the badnessometer

2006-07-13 Thread Gary McGraw
Hi all, Is penetration testing good or bad? http://ddj.com/dept/security/18951 gem company www.cigital.com podcast www.cigital.com/silverbullet book www.swsec.com