On Fri, 14 Jul 2006, Daniele Muscetta wrote:
On 7/13/06, Gary McGraw [EMAIL PROTECTED] wrote:
3) never use the results of a pen test as a punch list to attain
security
You are right, but very sadly, that's how it gets used by a lot of
companies
hey, the pen testers found
tests are highly addictive. Then I re-read.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nash
Sent: Thursday, July 13, 2006 9:18 AM
To: Gary McGraw
Cc: Secure Coding Mailing List
Subject: Re: [SC-L] ddj: beyond the badnessometer
On Thu, Jul 13
On Thu, 13 Jul 2006, Gary McGraw wrote:
Hi all,
Is penetration testing good or bad?
http://ddj.com/dept/security/18951
It's great, but penetration testing of the network assessment types is
useless as it takes a picture of what the network looks like TODAY, while
tomorrow it's a
On Thu, Jul 13, 2006 at 07:56:16AM -0400, Gary McGraw wrote:
Is penetration testing good or bad?
http://ddj.com/dept/security/18951
Test coverage is an issue that penetration testers have to deal with,
without a doubt. Pen-tests can never test every possible attack
vector, which means
Excellent post nash. Thanks!
I agree with you for the most part. You have a view of pen testing that
is quite sophisticated (especially compared to the usual drivel). I
agree with you so much that I included pen testing as the third most
important touchpoint in my new book Software Security
[Microsoft Security MVP]
http://silverstr.ufies.org/blog/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary McGraw
Sent: Thursday, July 13, 2006 8:05 AM
To: Nash
Cc: Secure Coding Mailing List
Subject: RE: [SC-L] ddj: beyond the badnessometer