Saturday, August 13, 2005

Pen Testing Goes Mainstream

Found this article in today's BBC News:

"Industry experience suggests," the report said, "that penetration tests always lead to findings such as the discovery of old, unpatched software or dangerous services running on web servers that would permit a hacker to enter a system."

With modern penetration techniques, it may only take one such loophole to give an unfriendly intruder access to sensitive information.

Which is precisely why pen testing courses are springing up all over the country.
As a result, more and more IT staff are becoming aware of the tools and techniques required to probe a network and then penetrate it.


The point is that regular pen tests are part of routine assurance activities - in the same sense as ongoing audits.

Pen testing is no longer seen by the mainstream press as some sort of hacker voodoo, but as a routine business activity that is part of normal operations. Security is like quality assurance, a process of gradual improvement.

This is a very good sign. Of course, folks offering pen test courses and certifications love it too.


