Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Penetration Testing Ethic
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Wed, 13 Sep 2000 14:35:28 -0700


A penetration or security audit is usually a security organization's foot
in the door.  It is in their best interest to point out the glaring holes
but also to assist the organization in fixing their network and address any
policy/procedure issues that need to be addressed.

There is an ethical issue on how to successfully conduct a penetration test
without hurting the organization during the process.


At 05:52 PM 9/13/00 +0100, Mathew Bevan wrote:
This follows on from the pen testing cost thread, Alexander Sarris raised
the point about being sold repairs multiple times..

I have always had a problem with companies that not only perform the
security audit and make recommendations but perform the fixes as well... Is
it not in their interest to leave a few holes here and there so that their
report doesnt look so bare when they come back for repeat testing..

Obviously this is and ethical issue and something I feel shouldnt happen,
this operating on both sides of the fence situation..

What does everyone else feel about this?

Mathew Bevan aka Kuji (RL 1994)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]