Monday, February 26, 2007

Perils of Penetration Testing

Federal Computer Week is running an article discussing penetration testing - specifically they compare in house to outsourced penetration tests. It also discusses penetration testing software like Core Security Technologies’ Core Impact.

In general, insiders know the network, systems, and applications better than an outsider will, but outsiders often have the cachet necessary to sway management. With tools like the Metasploit framework commonly available, in house security folks have capabilities they have never had before.

So should you outsource your penetration testing? If your inside security folks have the skills, it all comes down to what you need out of the test and how their time and your money can best be spent. Arming them with the best tools you can afford? That's a no brainer...

No comments: