Penetration Testing mailing list archives
Re: Ethical Hacking Training
From: Jeff Shawgo <jeff.shawgo () verizon net>
Date: 20 Jan 2004 17:46:10 -0000
I don't think the question here is "how to destroy a building" - rather "how buildings are destroyed". It is true that there are construction engineers who don't need to know how demolition experts work, but they do need to know what happens to the buildings, roads, bridges, and tunnels during an earthquake, flood, hurricane, or fire - or bombing for that matter. That helps them build better and safer structures. On the other hand, most people also forget that knowing how to perform a pen-test or exploit is only one very very tiny aspect of security. The organization that has a solid policy, coordinated antivirus, well-managed firewalls, patch management policy, e-mail and web filtering, code review, and basic system hardening is likely to be many times more secure than the organization that focuses on *any* one individual's skill as a pen-tester. If the security foundation is rotten, it does little good to point out that the windows are unlocked. Pen-testing is important, but the basics need to be there first. That's the message most people are missing - probably because it's not as attractive. ~Jeff --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Ethical Hacking Training, (continued)
- Re: Ethical Hacking Training Meritt James (Jan 19)
- Re: Ethical Hacking Training Stormwalker (Jan 20)
- RE: Ethical Hacking Training Kurt (Jan 20)
- Re: Ethical Hacking Training Meritt James (Jan 19)
- Re: Ethical Hacking Training Don Parker (Jan 19)
- Re: Ethical Hacking Training Kevin Johnson (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 19)
- RE: Ethical Hacking Training S. Thomas (Jan 20)
- RE: Ethical Hacking Training DeGennaro, Gregory (Jan 20)
- Re: Ethical Hacking Training Hamish webhosting.net.nz (Jan 20)
- Ethical Hacking Training Daryl Davis (Jan 20)
- Re: Ethical Hacking Training Jeff Shawgo (Jan 20)
- Re: Ethical Hacking Training Chris Kirschke (Jan 20)
- RE: Ethical Hacking Training Kohlenberg, Toby (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 20)