Penetration Testing mailing list archives
Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: "Frasnelli, Dan" <dfrasnel () COREWAR COM>
Date: Tue, 12 Sep 2000 13:53:58 -0400
As for the topic behind your mention of Industry Best Practices, I don't advocate application of that phrase in the field of internet security; this field is too new, and is evolving too rapidly, for there to be any accepted Best Practices. Contrast with e.g. finance,
Sure, thats the point between the lines of my reply. The phrase 'industry best practice' was invented by lawyers and management to impress the customers/investors while providing the spectre of legal protection. Even in well-established fields, experience must supplement formal guidelines and practices. In the case of Mark T's reference to "high end consulting services" employing "industry best practices".. I suspect they refer either to use of specific products (marketing folks like to use that phrase too) or certifications held by their employees. Does it make a difference to a potential client's management? Maybe. Does it make a difference to the technical folks? Not hardly. Personally, I am more impressed with what someone does behind a keyboard or handset than what a framed paper claims they can do.
where for e.g. financial accounting reporting requirements there are Industry Best Practices which evolve pretty rapidly, it takes a professional to stay on top of them --- but accounting is arguably a 5000+- year old field.
Some principles of information security are almost as old. How long ago did Sun Tzu compose AoW? -dan
Current thread:
- Re: [PEN-TEST] How to "break into" the Pen-Testing field, (continued)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Bob Radvanovsky (Sep 09)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field gatekeepr (Sep 09)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Dragos Ruiu (Sep 10)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Teicher, Mark (Sep 10)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Frasnelli, Dan (Sep 10)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Teicher, Mark (Sep 11)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Frasnelli, Dan (Sep 11)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Teicher, Mark (Sep 12)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Bennett Todd (Sep 12)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Teicher, Mark (Sep 12)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Frasnelli, Dan (Sep 12)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field gatekeepr (Sep 09)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Carric Dooley (Sep 12)
- Message not available
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Adrian Lazar (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Carric Dooley (Sep 13)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Teicher, Mark (Sep 13)
- Re: [PEN-TEST] Visio bites Carric Dooley (Sep 14)
- Re: [PEN-TEST] Visio bites batz (Sep 14)
- Re: [PEN-TEST] How to "break into" the Pen-Testing field Bob Radvanovsky (Sep 09)
- [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) batz (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Jose Nazario (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Carric Dooley (Sep 13)