Dailydave mailing list archives

Re: So when will the end of pen-tests begin?

From: Saad Kadhi <saad () docisland org>
Date: Thu, 23 Nov 2006 09:18:28 +0100


On Nov 23, 2006, at 5:48 AM, Isaac Dawson wrote:

So when will these tests end? 5-10 years? 20? I know we will  
'always' need security validation, but will customers
be willing to spend the (sometimes insanely overpriced) amount for  
these types of tests?
Is anyone else thinking about what they will do next? :)

Turning to risk-based security testing and working in an "inside-

out" fashion for big software shops?


I don't think pen-tests will "end". Think about the actual trend of  
distributed components, SOA etc. They may need recalibration (for ex.  
by acquiring more knowledge beforehand on the inner guts of software  
instead of a Black Box approach) and skills' honing but they still  
and will remain an essential part of software security.
--
Saad Kadhi - http://saad.docisland.org/
"He who relieves the poor makes Ahura king"


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

So when will the end of pen-tests begin? Isaac Dawson (Nov 22)
- Re: So when will the end of pen-tests begin? Saad Kadhi (Nov 23)
  - Re: So when will the end of pen-tests begin? Kurt Grutzmacher (Nov 24)
- Re: So when will the end of pen-tests begin? David Maynor (Nov 24)