July 21st, 2006, 08:05 PM
Why do we Pen Test?
I've been away from AO for a while, busy with some stuff going on lately. I have a question that fits best here, so I'm back.
Here's the situation. Recently, my organization is questioning the value of Penetration Testing. It turns out the people asking didn't really know what it was to begin with. I am in the process of explaining it to these folks now. However, the questions keeps coming up; "What is the value added?" "Why should we continue?" "Who should be doing it?"
So I have a few questions to the mighty AO:
Why do you pen test?
Why don't you pen test?
What is the value?
Who (what functions) should be doing the testing?
Also, for the n00bs, here is what a Pen Test is: http://en.wikipedia.org/wiki/Penetration_testing
Additionally for the member that will slam me for posting a reduntant topic, I am looking for some fresh info. Please, no links to other threads.
Any input would be great! TIA!
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
, The Art of War