
How often should you perform a Penetration Test — Jason Samide (Circle City Con 2014 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Circle City Con 2014
http://circlecitycon.com

Abstract: How often should your organization conduct a penetration test and what is in scope? I get this question quite often from customers and colleagues. There really is no one correct answer, but there are some guidelines I promote and adhere to. A penetration test, sometimes called a ‘pentest’, is a technique of assessing computer and network security by simulating real-time attacks from external and internal positions. Penetration tests are simply a snapshot of your attack vectors. It is a means of identifying your high-risk vulnerabilities and assessing the business impact should an exploit occur. A penetration test is typically done using commercial and freeware tools, followed up by a human that verifies vulnerabilities and attempts to exploit systems or gain escalated privileges. This is the primary difference between a penetration test and a vulnerability scan. In my professional opinion, anyone in the organization can run a scan by hitting the ‘enter’ button. I highly recommend vulnerability scans to be run from time to time, but they are not a substitute for a true penetration test, which does require the human element. A good ‘pentester’ will understand what the vulnerability and exploit are capable of doing. A great ‘pentester’ will write their own exploit to attack a system. With threat landscaping changing daily, I am not suggesting you perform a ‘pentest’ daily or weekly, but it is very necessary to complete one.

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast