jetlib.sec » carnal0wnage.attackresearch.com » Penetration Testing Rapidly Becoming Obsolete

Feeds

133337 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

carnal0wnage.attackresearch.com

• December 30, 2010
• 

  Penetration Testing Rapidly Becoming Obsolete

  Posted: December 30th, 2010, 10:12am PST by valsmith

  Tags:   

  Yesterday I made a tweet stating that pen testing and pen testers are obsolete. Here's what I mean by that.

  Originally, pen testing was a simulation of what real attackers would do. Then it became more about validating vuln scan/assessment results. Now its essentially about compliance check boxing. (PCI)

  Vulnerability assessment pretty much no longer requires a skilled tester. There are now (and have been for a while) appliances and products which can schedule and automate vulnerability scans. At this point it is essentially a component of patch management. As vuln scanning has gone, so will pen testing go.

  -->

  read more