All organizations should aspire to have the people, processes and tools necessary to effectively execute an on-going penetration testing program. Failure to do so may result in poor tool selections, testing mistakes, and faulty interpretation of results that often lead to a false sense of security putting the enterprise at risk. IT security and audit staff, along with their managers and directors, should read this paper to clarify any misunderstandings about penetrating testing — from the true purposes and goals, to important process considerations, to tools and tester selection issues, and finally to safe and effective ethical hacking approaches.
Penetration Testing: Clarifying a Commonly Misunderstood Security Discipline
