169
7
Pe n e t r a t i o n te s t i n g —
ol d a n d ne w
us far in security de-engineering, I have covered the dilemma faced
by the networked business world in the area of information risk man-
agement skills. e skills issue is applicable to all facets of the delivery
of information security in the majority of larger organizations.
With regard network penetration testing, in Chapter 2, I cov-
ered some aspects of the older style delivery of penetration testing,
but the focus was on the skills involved rather than the methodol-
ogy. In Chapter 4, I looked out how cheap/free automated testing
tools replaced the Hacker ethic in vulnerability assessment in gen-
eral. In Chapter 5, I looked into the details of autoscanners and Web
autoscanners