Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Ethical Hacking Training
From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 19 Jan 2004 20:01:12 -0500

On Mon, 2004-01-19 at 13:05, Don Parker wrote:
I fully agree that to defend one *must* know how to attack. I too often hear some
of my peers say how ,such and such, attack is very script kiddiesh. My usual retort to 
that is "do you know how to do it?". Most network security people I know have no concept 
on how to use an exploit, and invoke it let alone code one. Sending someone on 
an "Ethical Hacking" course can fill most of these gaps in. As I have already stated 
though the student must come to one of these courses with a certain amount of knowledge 
before hand or the money is wasted. Prerequisites for such courses must be clearly laid 
out in the course marketting imho. 


Don Parker, GCIA


I think one of the things to remember is what the term means, not
necessarily how people use it.  When I tell some one that I am
considered an ethical hacker.  I am saying that I test the security
posture of a company.  This may include actually "hacking" into their
systems or just assessing their policies.  But no matter what is
included, I also include a remediation report.  This ensures that not
only are they told what the problems are, they are also told how to fix
it.  I understand the need for Ethical Hacker training.  If I didn't
know how to get in, how could I honestly tell them how to keep me out?  

Kevin Johnson


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]