Penetration Testing mailing list archives
Pen Test vs. Health Check
From: "Andy Cuff" <lists () securitywizardry com>
Date: Sun, 25 Jan 2004 15:38:43 -0000
Hi Folks,

Last week Mark Teicher brought up a valid point regarding ethical hacking not solving the underlying issue of an insecure network. Addressing the symptom rather than the cause. I personally don't like the term ethical hacking when referring to a Pen Test; however, as you probably noticed, I think the term will remain where training is concerned that introduces the student to the techniques and methodology used by a hacker. I do not think that an ethical hacking course will make a security tester. OK, no more about training, honest!

A Pen Test is only as good as the testers and is only a snapshot. However, a network that has been secured from the inside out, with a solid secure foundation, should stand the test of time; even if it is compromised, the attacker may not be able to roam freely and all their actions should be recorded.

IMHO a more efficient and thorough method to conduct a security test is the holistic approach, where the tester looks inside the network first from a privileged account, identifying problems and offering solutions; if need be, he/she can then attempt to exploit said vulnerabilities as a demonstration to the client. This method greatly cuts down on the time taken to "scope the joint" externally.

Firstly, what are the members' thoughts on the above, and what are the downsides in what I have said? Also, does anyone have any good analogies to vindicate the holistic approach over the Pen Test?

-andy
Talisker Security Tools Directory
http://www.securitywizardry.com