This chapter presents the following topics:
• Security assessment methods
• Security assessment types
The complexity of both defending and attacking information systems is often equally underestimated. If many movies are to be believed, the penetration of systems is as simple as opening up a series of command-line interfaces and typing at warp speed. In just a few seconds, the infamous green “Access Granted” message comes up and the hacker takes a bow. No reconnaissance, probing, or security assessments needed—just skip straight to the treasure chest.
The irony facing the targets of hacking, and the malicious hackers themselves, is the prerequisite need for performing security assessments. Security practitioners ...