Penetration Testing Grows Up


By Kelly Jackson Higgins
Nov 18, 2009 

Penetration testing, once considered a risky practice for the enterprise 
and even a tool for evil hacking purposes, is becoming more of an 
accepted mainstream process in the enterprise mainly due to compliance 
requirements and more automated, user-friendly tools -- and most 
recently, the imminent arrival of a commercial offering based on the 
popular open-source Metasploit tool.

Rapid7's purchase of the Metasploit Project last month and its hiring of 
the renowned creator of Metasploit, HD Moore, demonstrate just how far 
penetration testing has come over the past 18 months, security analysts 
say. While some organizations still confuse penetration testing with the 
more pervasive vulnerability scanning, which searches for and pinpoints 
specific vulnerabilities and weaknesses, penetration testing is finally 
about to enter a new phase of commercial deployment, experts say.

Penetration testing basically puts the tester in the shoes of a would-be 
attacker, using exploits and attack combinations against a network or 
application to find where the actual exploitable weaknesses lie.

"This is an exciting time because we're starting to see even the edgy 
[penetration testing providers] look to the enterprise as a viable 
market," says Nick Selby, managing director of Trident Risk Management, 
a Dallas-based security and consultancy firm. "The technology is more 
mature so that the more experienced and skilled penetration testers have 
better toolsets than ever ... and the less experienced ones can do more 
of the low-hanging fruit work."

