Login, change your address, subscribe to new or manage current magazines or e-newsletter subscriptions
IT World Events
Site Map - Affiliates
Computerworld Publication PageNetworkWorld Publication PageCIO Canada Publication PageITJobUniverse.ca - The Information, Communication and Technology (ICT) Job Board
Enter your  QUICKLINK number to go directly to that article.
Advanced Search
Knowledge Centres
Content Types
Featured White Papers
Gartner Research Note "Boost SharePoint Performance with an Application Delivery Network"Gartner Research Note "Boost SharePoint Performance with an Application Delivery Network"
Provided by: Citrix
read more
From fear to value: CIO strategies for propelling business through the economic crisisFrom fear to value: CIO strategies for propelling business through the economic crisis
Provided by: IBM
read more
Reaping the rewards of your service-oriented architecture infrastructureReaping the rewards of your service-oriented architecture infrastructure
Provided by: IBM
read more
Yuk it Up
Featured White Papers
Download the Network Barometer Report, which aggregates findings from secure network infrastructure assessments conducted for more than 150 organisations around the world. It provides some surprising stats on the state of network (un)readiness prevalent today; the reasons why organisations are failing at remediating known vulnerabilities; recommendations on assessing your own infrastructure, and on ways to improve your state of readiness to support the business; and more.
Early-generation server load-balancing technology has proven to be an invaluable asset, especially for organizations hosting widely utilized Web applications. But business requirements evolve, as do the processes and technologies used to fulfill them. The many changes and trends that have taken hold since SLBs were first introduced expose the need for enterprises to step up from a simple load-balancing solution to a more comprehensive application delivery solution . This paper is intended to serve as a guide for organizations looking to replace their early-generation SLBs, providing details on the top eight criteria to use during an evaluation process.
Featured Spotlight
Keep up on who's hiring, who's downsizing and how the government is helping. News, job opportunities, recruiters and employment lawyers are all available.
Sign-Up for
Communications Infrastructure
eNewsletter Delivered Weekly
Click here
Page 1 of 2

Digg it Twitter

Penetration testing: dead in 2009?

By: Bill Brenner - CSO (US)(NA)  (23 Dec 2008)

Is the practice of penetration testing headed the way of desktop publishing and the PDA? Well probably not dead as is dead and gone, it just won't be as cool as it was before. Here's a look at the possible reincarnation of penetration testing

Penetration testing: Security experts mention it all the time as one of the essential tools of defense-in-depth. Companies have raked in the dough selling the service and the tools for years.

But is it possible that penetration testing -- the art of probing company networks in search of exploitable security holes that can then be fixed -- is an idea whose time is about to expire?

If you ask Brian Chess, co-founder and chief scientist of business software assurance (BSA) vendor Fortify Software Inc., the answer is yes.

"Death sounds rather gloomy, but stuff in high tech dies all the time," Chess said in an interview Tuesday. "Desktop publishing? Dead -- but not gone. Personal Digital Assistant (PDA)? Many of the concepts are still with us, but the PDA is dead."

Penetration testing is headed for a similar fate, he said. The concept as we know it is on its death bed, waiting to die and come back as something else. That doesn't mean pen testers will suddenly be unemployed, he said. It's just that they "won't be as cool" as they've been in more recent years.

Customers are clamoring more for preventative tools than tools that simply find the weaknesses that already exist, he said. They want to prevent holes from opening in the first place.

"Death doesn't mean it goes away, it means it transforms. Pen testing will be reborn in the area of production monitoring and measurement," Chess said. "The goal won't be that failure is found and must be fixed. The goal is that failures will become a much rarer event."

Naturally, security practitioners who swear by pen testing as a critical component of a layered security program are reacting to his hypothesis with more than a little skepticism.

Jennifer Jabbusch, CISO at Carolina Advanced Digital Inc. in the Raleigh-Durham area of North Carolina, took issue with Chess' basic premise that penetration testing will become a component of monitoring and measuring.

"Pen testing will continue," she said in an exchange over the Twitter social networking site. "Monitoring and measuring is not pen testing. It's what you do after pen testing."

She also faulted the example of desktop publishing being a dead art, saying, "Desktop publishing isn't dead. In fact, it's grown. Now you can design on your desktop and deliver via the Internet for printing at FedEx/ Kinkos."

Page 1 of 2
Send to a Friend  Rate This Page  Print This PageAdd a new comment
Bookmark this article on:
del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!

Have something to say about this article? Add a new comment

If you find a comment inappropriate, You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields



Related Content
Articles

Events

Book Reviews

White Papers
Improving business through smart energy and environment policy
Businesses and public entities today face increasing pressure to develop policies that are both good for the planet and good for business. A framework developed by IBM offers businesses and other organizations a comprehensive approach to energy and environmental issues. The framework helps identify and prioritize environmental efforts by breaking down problems and opportunities into seven distinct business areas, which can then be segmented into manageable projects.
Copyright InformationPrivacy Policy Site MapAbout UsMedia CentreReprint ServicesMobileFeedbackContact Us
ComputerWorld Canada | NetworkWorld Canada | CIO Canada | IT Business | CDN | Direction Informatique | PCWorld Canada | Macworld Canada | IT Job Universe | my IT Vendor
©2009 ITworldcanada.com All rights reserved.