HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 10 guests online
EH-Net Donations

Enter Amount:
$
Google Ads
ChicagoCon 2008f
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Featuresarrow Opinionsarrow Bruce Schneier and Marcus Ranum on Pen Testing
Ethical Hacker Community Forums
August 29, 2008, 01:02:00 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Registration Now Open for ChicagoCon 2008f Oct 27 - Nov 2! Visit www.chicagocon.com.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Bruce Schneier and Marcus Ranum on Pen Testing  (Read 3653 times)
0 Members and 1 Guest are viewing this topic.
CadillacGolfer
Newbie
*
Offline Offline

Posts: 25


View Profile
« on: March 16, 2007, 07:48:54 AM »
Anyone see this months issue of Info Sec magazine? 

Bruce Schneier and Marcus Ranum did a face off piece on Penetration testing.  Not exactly a glowing recommendation of the profession.  At some level, I have to agree with what they say though.
Logged
oleDB
Full Member
***
Offline Offline

Posts: 216



View Profile WWW
« Reply #1 on: March 16, 2007, 08:46:29 AM »
Here is direct link

http://informationsecurity.techtarget.com/magItem/0,291266,sid42_gci1245619,00.html

After reading it, its pretty obvious neither of them are big proponents of pen testing. It makes sense on some level, if your not going to do anything with the report, why bother spending the money. The only reason is for it then would be compliance issues. I personally think pen testing does provide some value, but the market is flooded with below average pen testers which waters down the effectiveness of it. Also, I think simply coming in and reviewing and revising IT processes like patching, best practices, and IR policy is more effective then a network pen test in the long run.
« Last Edit: March 16, 2007, 09:53:28 AM by oleDB » Logged
CadillacGolfer
Newbie
*
Offline Offline

Posts: 25


View Profile
« Reply #2 on: March 16, 2007, 10:00:15 AM »
I agree
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.04 seconds with 22 queries.
 
EH-Net's
2nd Annual
Tweener Party 

Thanks all. Click HERE for details.

Polls
Best for daily desktop use:
 
Support EH-Net
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.