Penetration Testing mailing list archives
Re: Re: Penetration tester or Ethical hacker future?
From: shyaam () gmail com
Date: 3 Sep 2007 02:44:06 -0000
I do not believe that penetration testing is a waste of money.
Of course you don't, you're a pen tester! And lots of customers don't believe it's a waste of money, either. But for those that have invested in pen-testing, they do it with the expectation that you'll find and report the holes to them before the bad guys do. And when a company spends on pen-testing and gets hacked anyway, it's pretty hard to convince them of the value of those pen tests.
Pentesting is not easy, and just knowing tools is not pentesting. Golden rules of any technology, "never under-estimate anyone(opponent)". Pentesting is not just about the tools like how it seems in some training and certs. Pentesting is more than that. Vulnerability assessment, exploit writing and many other streams can be combined along with the knowledge of tools and technologies in networking to form pentesting. Some people assume that certain certs would prove them to be the best pentester, but that does not mean that all pentesters are not skillful or that pentesting is useless and not worth the money. Consider an analogy: The terrorists are stupid enough to bomb US or its common people when the mistake "WAR" is due to politics, leaders, politicians, capitalism(investments and production of weapons or any other common wealth returns of war such as petroleum), etc etc. What did the common people of Afghanistan or Iraq do, what did the common people of US do on the twin tower incident, nothing. Iraqi people cannot be blamed due to Saddam or US citizens cannot be blamed for leaders here. In the same way, you can never tell that a pentesting is waste or that pentesters are not skillful. Shyaam ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Penetration tester or Ethical hacker future? James Kelly (Sep 04)
- <Possible follow-ups>
- Re: Re: Penetration tester or Ethical hacker future? shyaam (Sep 04)
- Re: Penetration tester or Ethical hacker future? crazy frog crazy frog (Sep 04)