The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin D. Mitnick, William L. Simon

Chapter 6
The Wisdom and Folly of Penetration Testing
The adage is true that the security systems have to win every time, the attacker only has to win once.
— Dustin Dykes
 
 
Think of a prison warden who hires an expert to study his institution’s security procedures, concerned about any gaps that could allow an inmate to slip out. A company follows that same line of thinking when it brings in a security firm to test the sanctity of its Web site and computer networks against intrusion by seeing whether hired attackers can find a way to access sensitive data, enter restricted parts of the office space, or otherwise find gaps in the security that could put the company at risk.
To people in the security field, these are penetration tests — or, in the lingo, “pen tests.” The security firms that conduct these drills are frequently staffed by (surprise, surprise) former hackers. In fact, the founders of these firms are themselves frequently people who have extensive hacker credentials that they prefer their clients never find out about. It makes sense that security professionals tend to come from the hacker community, since a typical hacker is well educated in the common and not so common doorways that companies inadvertently leave open into their inner sanctums. Many of these former hackers have known since they were teens that “security” is, in a great many cases, a serious misnomer.
Any company that orders a pen test and expects the results to confirm that their security is intact ...
