Re: Re: Penetration tester or Ethical hacker future?

From: shyaam@gmail.com
Date: Sun Sep 02 2007 - 22:44:06 EDT


>> I do not believe that penetration testing is a
>> waste of money.

> Of course you don't, you're a pen tester! And lots of customers don't
> believe it's a waste of money, either. But for those that have invested in
> pen-testing, they do it with the expectation that you'll find and report the
> holes to them before the bad guys do. And when a company spends on
> pen-testing and gets hacked anyway, it's pretty hard to convince them of the
> value of those pen tests.

Pentesting is not easy, and just knowing tools is not pentesting. The golden rule of any technology: "never underestimate anyone (opponent)". Pentesting is not just about the tools, as it seems in some training and certs. Pentesting is more than that. Vulnerability assessment, exploit writing and many other streams can be combined with the knowledge of tools and technologies in networking to form pentesting. Some people assume that certain certs would prove them to be the best pentester, but that does not mean that all pentesters are not skillful or that pentesting is useless and not worth the money.

Consider an analogy: The terrorists are stupid enough to bomb the US or its common people when the mistake, "WAR", is due to politics, leaders, politicians, capitalism (investments and production of weapons or any other common wealth returns of war such as petroleum), etc. What did the common people of Afghanistan or Iraq do? What did the common people of the US do in the twin tower incident? Nothing. Iraqi people cannot be blamed due to Saddam, and US citizens cannot be blamed for the leaders here. In the same way, you can never say that pentesting is a waste or that pentesters are not skillful.

Shyaam



