What differentiates a pentest from other tests?

Paul Asadoorian summed it up quite nicely in episode 373 of the Security Weekly podcast.

A good pentest not only answers the question “can my controls be breached?” but also the following questions:

  • How can I be breached?
  • How much damage to my business can a breach do?
  • Where am I most likely to be breached given my current defenses?
  • What can an attacker do once he has breached one system?
  • Do I have capabilities to detect a breach? 
  • How long will it take me to detect the breach?
  • How well will people in my organization react to a breach or someone trying to breach one of my systems?

I just wanted to take down those questions for you and me, because they might come in handy when arguing once again over what a good or bad pentest is.

© 2018 Created by Marcus J. Carey.