Penetration testing is not always well understood by those purchasing such services. It is my belief that organisations could often obtain better value for money by considering other security assessment techniques, writes Lee Newcombe, principal consultant at Capgemini.

I describe the whole spectrum of penetration testing, vulnerability assessment, configuration and process reviews as security assessment. I use the term penetration testing in a purist manner; a penetration test will attempt to circumvent the security features of the system under test and then examine how far the tester can extend their access into the target organisation. A penetration test is not necessarily a comprehensive assessment of the security of an organisation; one weakness is all the tester needs.

A soon-to-be-released ethical hacking report finds 60 percent of organizations budget for penetration testing

Call it realism, or call it pessimism, but most organizations today are resigned to getting hacked. In fact, a full 94 percent expect to suffer a successful breach in the next 12 months, according to a new study on ethical hacking to be released by British Telecom (BT) later this week.

