The Ethical Hacker Network - Bruce Schneier and Marcus Ranum on Pen Testing

Home

Calendar

Certifications

Latest Additions

EH-Net Login

Welcome Guest.

Lost Password?

No account yet? Register

Who's Online
We have 24 guests and 1 member online

EH-Net Donations
Enter Amount: $

Google Ads

EH-Net News Feeds
Latest Additions

Book Recommendations

You are here: Home

Forum

Features

Opinions

Bruce Schneier and Marcus Ranum on Pen Testing

Ethical Hacker Community Forums

December 02, 2008, 01:21:42 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/

Home

Help

Calendar

Ethical Hacker Community Forums > Features > Opinions (Moderator: don) > Bruce Schneier and Marcus Ranum on Pen Testing

Pages: [1] Go Down

« previous next »

	Author	Topic: Bruce Schneier and Marcus Ranum on Pen Testing (Read 3906 times)
0 Members and 1 Guest are viewing this topic.

CadillacGolfer

Newbie

Offline

Posts: 25

Bruce Schneier and Marcus Ranum on Pen Testing

« on: March 16, 2007, 07:48:54 AM »

Anyone see this months issue of Info Sec magazine?

Bruce Schneier and Marcus Ranum did a face off piece on Penetration testing. Not exactly a glowing recommendation of the profession. At some level, I have to agree with what they say though.


	Logged

oleDB

Full Member

Offline

Posts: 231

Re: Bruce Schneier and Marcus Ranum on Pen Testing

« Reply #1 on: March 16, 2007, 08:46:29 AM »

Here is direct link

http://informationsecurity.techtarget.com/magItem/0,291266,sid42_gci1245619,00.html

After reading it, its pretty obvious neither of them are big proponents of pen testing. It makes sense on some level, if your not going to do anything with the report, why bother spending the money. The only reason is for it then would be compliance issues. I personally think pen testing does provide some value, but the market is flooded with below average pen testers which waters down the effectiveness of it. Also, I think simply coming in and reviewing and revising IT processes like patching, best practices, and IR policy is more effective then a network pen test in the long run.


« Last Edit: March 16, 2007, 09:53:28 AM by oleDB »	Logged

CadillacGolfer

Newbie

Offline

Posts: 25

Re: Bruce Schneier and Marcus Ranum on Pen Testing

« Reply #2 on: March 16, 2007, 10:00:15 AM »

I agree


	Logged

Pages: [1] Go Up

« previous next »

Jump to:

Page created in 0.03 seconds with 23 queries.

Sponsors

Polls

During the most recent election, I:

	Chose a paper ballot.
	Trusted the machines.
	Didn't care, just voted.
	Didn't have a choice. It was paper.
	Didn't have a choice. It was electronic.
	Didn't vote.

Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!

Recent Forum Topics

Other : LZMA Decompression Help (1) by BillV
Programming : not static? (7) by RoNNie_13
Calendar Of Events : BOSS Conference 2009 (0) by don
Calendar Of Events : CSI SX 2009 (0) by don
Calendar Of Events : Security OPUS Spring 2009 (0) by don
Calendar Of Events : CanSecWest 2009 (0) by don
Calendar Of Events : Carolinacon 2009 (0) by don
Calendar Of Events : Black Hat USA 2009 (0) by don
Calendar Of Events : Black Hat Europe 2009 (0) by don
Calendar Of Events : Black Hat DC 2009 (0) by don
Calendar Of Events : Cyber Warfare 2009 (0) by don
Calendar Of Events : White Hat Ball 2009 (0) by don
Calendar Of Events : RSA Conference 2009 (0) by don
Calendar Of Events : SOURCE Boston 2009 (0) by don
Calendar Of Events : Notacon 6 (0) by don
Calendar Of Events : ShmooCon 2009 (0) by don
Calendar Of Events : SANS Pen Testing Summit 2009 (0) by don
Calendar Of Events : SANS 2009 (0) by don
Calendar Of Events : SANS Security West 2009 (0) by don
Calendar Of Events : SANS CDI 2008 (0) by don
Forensics : The Julie Amero Case: A Dangerous Farce (0) by don
Other : Early Details of Vista, Server 2008 SP2 Due in April (0) by don
Career Central : 7 Tips for Career Growth in Tight Times (0) by don
Other : Do we or Dont we... (7) by pseud0
Special Events : Pen Testing Perfect Storm Webcast Series: Part 2 - Teaser (6) by don
News from the Outside World : Would you trade your privacy for a smartphone? (5) by jason
Physical Security : Key Duplication from Photos (5) by jason
Career Central : Confused about future (8) by Artful Dodger
Tools : Cain & Abel v4.9.24 Released (1) by RoleReversal
CEH - Certified Ethical Hacker : MSS from EC-Council? (13) by shednik
Book Reviews : Network Intrusion Alert (1) by don
Hardware : Lenovo Introduces Remote Disable Feature for Laptops (16) by jason
Wireless : Jamming by babycam (6) by jason
Other : What kind of lab, machines you have for your security testing? (6) by MadmanTM
Wireless : help wid wifi !!!! (1) by jason
Malware : Military Bans Removable Media (10) by ChrisG
Network Pen Testing : Metasploit Question (4) by ethicalhack3r
Other : SANS CDI (1) by jason
Hardware : Recommendations for IDS Hardware (1) by jason
News Items and General Discussion About EH-Net : Happy Turkey Day 2008 (5) by BillV

Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com

technorati fave

Privacy Notice
for TDCC & All Properties

Joomla! is Free Software released under the GNU/GPL License.

Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!