Ten Deadly Mistakes
Making the wrong choices in your security testing can wreak havoc on your work, possibly even your career. In this chapter, I discuss ten potential pitfalls to be keenly aware of when performing your security assessment work.
Not Getting Prior Approval
Getting documented approval in advance, such as an e-mail, an internal memo, or a formal contract for your ethical hacking efforts — whether it’s from management or from your client — is an absolute must. It’s your “Get Out of Jail Free” card.
Assuming You Can Find All Vulnerabilities During Your Tests
So many security vulnerabilities exist — known and unknown — that you won’t find them all during your testing. Don’t make any guarantees that you’ll find all the security vulnerabilities in a system. You’ll be starting something that you can’t finish.
Stick to the following tenets:
- Be realistic.
- Use good tools.
- Get to know your systems and practice honing your techniques.
Assuming You Can Eliminate All Security Vulnerabilities
When it comes to networks, computers, and applications, 100 percent, ironclad security is not attainable. You can’t possibly prevent all security ...