Thursday, April 1, 2010

Penetration Tests and the Holy Grail of Security

I am reading this interesting document

provided by OWASP , an "open source" security organization.

The dream was to find an intelligent PENETRATION (gasp!) test tool that find for you the security weaknesses of a Web Application (including Web Services).
See also .

Anyway to quote the already quoted Gary McGraw,
“If you fail a penetration test you know you have a very bad problem indeed. If you pass a penetration test you do not know that you don’t have a very bad problem".

So, don't think that you are not PENETRABLE only because an AUTOMATED TOOL cannot PENETRATE you. Sorry but all this PENETRATION talks make me laugh. I am just Italian.

We shall cover later how to TEST your SECURITY. For a start never bend to pick up object that you dropped hahaha.

No comments: