.

Bruce Schneier and Marcus Ranum on Pen Testing

<<

CadillacGolfer

Newbie
Newbie

Posts: 36

Joined: Thu Dec 14, 2006 1:58 pm

Post Fri Mar 16, 2007 7:48 am

Bruce Schneier and Marcus Ranum on Pen Testing

Anyone see this months issue of Info Sec magazine? 

Bruce Schneier and Marcus Ranum did a face off piece on Penetration testing.  Not exactly a glowing recommendation of the profession.  At some level, I have to agree with what they say though.
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Fri Mar 16, 2007 8:46 am

Re: Bruce Schneier and Marcus Ranum on Pen Testing

Here is direct link

http://informationsecurity.techtarget.com/magItem/0,291266,sid42_gci1245619,00.html

After reading it, its pretty obvious neither of them are big proponents of pen testing. It makes sense on some level, if your not going to do anything with the report, why bother spending the money. The only reason is for it then would be compliance issues. I personally think pen testing does provide some value, but the market is flooded with below average pen testers which waters down the effectiveness of it. Also, I think simply coming in and reviewing and revising IT processes like patching, best practices, and IR policy is more effective then a network pen test in the long run.
Last edited by oleDB on Fri Mar 16, 2007 9:53 am, edited 1 time in total.
<<

CadillacGolfer

Newbie
Newbie

Posts: 36

Joined: Thu Dec 14, 2006 1:58 pm

Post Fri Mar 16, 2007 10:00 am

Re: Bruce Schneier and Marcus Ranum on Pen Testing

I agree

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software