What differentiates a pentest from other tests?

Paul Asadoorian has summed it up quite nicely in EP 373 of the Security Weekly Podcast. 

A good pentest not only answers the question “can my controls be breached?” but also the following questions:

  • How can I be breached?
  • How much damage to my business can a breach do?
  • Where am I most likely to be breached given my current defenses?
  • What can an attacker do once he has breached one system?
  • Do I have capabilities to detect a breach? 
  • How long will it take me to detect the breach?
  • How well will people in my organization react to a breach or someone trying to breach one of my systems?

I just wanted to take down those questions for you and me, because they might come in handy when arguing once again over what a good or bad pentest is.
