Re: Ethical Hacking Training

From: Jeff Shawgo (jeff.shawgo@verizon.net)
Date: Tue Jan 20 2004 - 12:46:10 EST


I don't think the question here is "how to destroy a building" - rather "how buildings are destroyed". It is true that there are construction engineers who don't need to know how demolition experts work, but they do need to know what happens to the buildings, roads, bridges, and tunnels during an earthquake, flood, hurricane, or fire - or bombing for that matter. That helps them build better and safer structures.

On the other hand, most people also forget that knowing how to perform a pen-test or exploit is only one very very tiny aspect of security. The organization that has a solid policy, coordinated antivirus, well-managed firewalls, patch management policy, e-mail and web filtering, code review, and basic system hardening is likely to be many times more secure than the organization that focuses on *any* one individual's skill as a pen-tester.

If the security foundation is rotten, it does little good to point out that the windows are unlocked.

Pen-testing is important, but the basics need to be there first. That's the message most people are missing - probably because it's not as attractive.

~Jeff




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT