Thursday, April 1, 2010

Penetration Tests and the Holy Grail of Security

I am reading this interesting document

http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

provided by OWASP http://www.owasp.org , an "open source" security organization.

The dream was to find an intelligent PENETRATION (gasp!) test tool that finds for you the security weaknesses of a Web Application (including Web Services).
See also http://en.wikipedia.org/wiki/Penetration_testing .

Anyway, to quote the already quoted Gary McGraw,
“If you fail a penetration test you know you have a very bad problem indeed. If you pass a penetration test you do not know that you don’t have a very bad problem”.

So, don't think that you are not PENETRABLE only because an AUTOMATED TOOL cannot PENETRATE you. Sorry, but all this PENETRATION talk makes me laugh. I am just Italian.

We shall cover later how to TEST your SECURITY. For a start, never bend to pick up an object that you dropped hahaha.
