Is penetration testing really unsafe for overall security? Does pen testing really take a long time? Is it a black art?
In his guest editorial at ZDNet, "Some important truths about pen-testing," Alberto Soliño dispels some common myths about pen testing and provides an excellent overview of how it can be used to enable better security.
An excerpt:
From nearly the start, as developers attempted to assess the tolerance levels of their technologies to different forms of input, and some user organizations, including governments, did the same, they realized that this process was helpful not only in terms of allowing them to design more stable products, but also in securing these technologies to prevent them from being broken or improperly accessed.
As government agencies and businesses that handle proprietary and sensitive data continued to adopt computing more broadly, and demand that these systems were hardened against undesired interruption or accessibility, both by their developers and internal IT security staff, the formal process of penetration testing was born.
Decades later, penetration testing stands as one of the most established and demonstrative methods for gauging the security posture of nearly any type of software program imaginable.
Vaclav Vincalek August 21st, 2009 09:00:00 AM
