Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Ethical Hacking Training
From: Jeff Shawgo <jeff.shawgo () verizon net>
Date: 20 Jan 2004 17:46:10 -0000

I don't think the question here is "how to destroy a building" - rather "how buildings are destroyed".  It is true that 
there are construction engineers who don't need to know how demolition experts work, but they do need to know what 
happens to the buildings, roads, bridges, and tunnels during an earthquake, flood, hurricane, or fire - or bombing for 
that matter.  That helps them build better and safer structures.

On the other hand, most people also forget that knowing how to perform a pen-test or exploit is only one very very tiny 
aspect of security.  The organization that has a solid policy, coordinated antivirus, well-managed firewalls, patch 
management policy, e-mail and web filtering, code review, and basic system hardening is likely to be many times more 
secure than the organization that focuses on *any* one individual's skill as a pen-tester.  

If the security foundation is rotten, it does little good to point out that the windows are unlocked.

Pen-testing is important, but the basics need to be there first.  That's the message most people are missing - probably 
because it's not as attractive.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]