Penetration Testing mailing list archives

Re: [PEN-TEST] Penetration Testing Ethic


From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Wed, 13 Sep 2000 14:35:28 -0700

OK,

A penetration or security audit is usually a security organization's foot
in the door.  It is in their best interest to point out the glaring holes
but also to assist the organization in fixing their network and address any
policy/procedure issues that need to be addressed.

There is an ethical issue on how to successfully conduct a penetration test
without hurting the organization during the process.

/mark

At 05:52 PM 9/13/00 +0100, Mathew Bevan wrote:
This follows on from the pen-testing cost thread; Alexander Sarris raised
the point about being sold repairs multiple times.

I have always had a problem with companies that not only perform the
security audit and make recommendations but perform the fixes as well. Is
it not in their interest to leave a few holes here and there so that their
report doesn't look so bare when they come back for repeat testing?

Obviously this is an ethical issue and something I feel shouldn't happen,
this operating-on-both-sides-of-the-fence situation.

What does everyone else feel about this?

Mathew Bevan aka Kuji (RL 1994)
