Penetration testing has been a skill (some say an art) for as long as we can remember in information security and the computer industry. Nevertheless, over the past decade or so, the term has become completely ambiguous. It has been cannibalized, commercialized, and transformed into a market where charlatans and professionals are on the same playing field.
The commercial industry has embraced the sexiness of penetration tests, built products around it, uprooted its values with product marketing and sales speak, and conned organizations into buying deeper and deeper into the dreaded "pentest unit" (as in "I need 2 units of pentest to complete this compliance effort"). Backed by a thriving regulatory compliance rush to check off as many items as possible on audit lists, pentesting was dealt the final blow to its heritage of value. A once surgical skill that required innovation, critical thinking, technical savvy, business understanding, and good old hacker-sense was reduced to a check box on the back of a consulting company's marketing material.
The first issue of PenTest Magazine is now available for free. You can read the full PTES story, as well as the whole issue, here.














