Dailydave mailing list archives
Re: So when will the end of pen-tests begin?
From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Thu, 23 Nov 2006 10:22:47 -0800
On 11/23/06, Saad Kadhi <saad () docisland org> wrote:
I don't think pen-tests will "end". Think about the actual trend of distributed components, SOA etc. They may need recalibration (for ex. by acquiring more knowledge beforehand on the inner guts of software instead of a Black Box approach) and skills' honing but they still and will remain an essential part of software security.
Penetration testing has already started to become less and less of "What can you find" and more of "please do this so we can sign off on <insert certification here>". They're pre-production check-offs for PCI, SOX, etc. Some customers still find great value in using trusted partners for validation of methodology, installation, etc but when it comes to the dollar value of PTs it's turning into a part of compliance vs. nebulous black arts necromancy. In my opinion, of course. :)
I'd prefer to pay my respect to the elder gods for an SQL injection that nets me the SSN database, but as a client that's only part of the reason they came to me.