How to Give the Best Pen Test of Your Life left me hanging. I wanted to ask questions, get clarification, and most importantly suggest an alternative view of the purpose and goals of pen testing. This presentation is a follow-on or rebuttal to that presentation. The goal is to promote a conversation about pen testing that takes it to a higher level than ordinarily considered. I review, based on Skoudis' presentation, the key components of the "perfect" pen test, but take it farther to discuss the purpose, goals, and desired outcomes for pen testing. I present my notion of an ideal pen test, what it could/should be, how I came to this conclusion, and offer some direction for the future of pen testing.
Bio: Jeff has compiled a rich knowledge base in cryptography, information security, and most recently PCI. With PCI impacting nearly every business vertical, he has served as a QSA and trusted advisor for both VeriSign and AT&T Consulting. As an NSA cryptographer, he oversaw completion of some of the first software-based cryptosystems ever produced for the high-profile government agency. Current Position: As Tenable?s PCI SME and a Security Strategist, Jeff offers over thirty years of information security experience and knowledge to help customers align Tenable products and services with the best practices that are required to maintain a viable security program. Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View?, which provides the most comprehensive and integrated view of network health, and Nessus?, the global standard in detecting and assessing network data.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek