« whimper not bang? java.net | Main | Compose yourself »

Charles Miller: penetration testing

The Fishbowl: The Value of Penetration Testing

successful penetration indicates something more than a particular security flaw. It indicates some systemic flaw in network security policies or practices. The network was designed to be proof against a certain class of attacks, and it was found not to be. Why wasn't the installed software up to date against security patches? Why weren't the operators sufficiently educated to spot the social engineering attack? Why didn't anybody notice when the server started behaving out of the ordinary?

Good stuff.

June 21, 2003 02:41 PM


Trackback Pings

TrackBack URL for this entry: