Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Ethical Hacking Training
From: "Don Parker" <dparker () rigelksecurity com>
Date: Mon, 19 Jan 2004 13:05:10 -0500 (EST)

I fully agree that to defend one *must* know how to attack. I too often hear some
of my peers say how ,such and such, attack is very script kiddiesh. My usual retort to 
that is "do you know how to do it?". Most network security people I know have no concept 
on how to use an exploit, and invoke it let alone code one. Sending someone on 
an "Ethical Hacking" course can fill most of these gaps in. As I have already stated 
though the student must come to one of these courses with a certain amount of knowledge 
before hand or the money is wasted. Prerequisites for such courses must be clearly laid 
out in the course marketting imho. 


Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
ph :613.249.8340

On Jan 18, Jimi Thompson <jimit () myrealbox com> wrote:


Why not spend the time in researching how to correct security exploits
in enforcing secure coding standards and forcing vendors to clean up
their act and making their products work more efficiently and securely.


Precisely how do you think that the aforementioned "security exploits" 
are discovered? 

My experience has been that unless you know how to hack and how to look 
at your network from the outside like one of the bad guys, that you 
aren't going to have much of an idea of what is vulnerable, what is 
poorly coded, and what does not work efficiently and securely. 

2 cents,




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]