Penetration testing is not always well understood by those purchasing such services. It is my belief that organisations could often obtain better value for money by considering other security assessment techniques, writes Lee Newcombe, principal consultant at Capgemini.
I describe the whole spectrum of penetration testing, vulnerability assessment, configuration and process reviews as security assessment. I use the term penetration testing in a purist manner; a penetration test will attempt to circumvent the security features of the system under test and then examine how far the tester can extend their access into the target organisation. A penetration test is not necessarily a comprehensive assessment of the security of an organisation; one weakness is all the tester needs.
O24 - One Step Ahead 