Penetration Testing mailing list archives
Re: Ethical Hacking Training
From: "Don Parker" <dparker () rigelksecurity com>
Date: Mon, 19 Jan 2004 13:05:10 -0500 (EST)
I fully agree that to defend one *must* know how to attack. I too often hear some of my peers say how ,such and such, attack is very script kiddiesh. My usual retort to that is "do you know how to do it?". Most network security people I know have no concept on how to use an exploit, and invoke it let alone code one. Sending someone on an "Ethical Hacking" course can fill most of these gaps in. As I have already stated though the student must come to one of these courses with a certain amount of knowledge before hand or the money is wasted. Prerequisites for such courses must be clearly laid out in the course marketting imho. Cheers ------------------------------------------- Don Parker, GCIA Intrusion Detection Specialist Rigel Kent Security & Advisory Services Inc www.rigelksecurity.com ph :613.249.8340 fax:613.249.8319 -------------------------------------------- On Jan 18, Jimi Thompson <jimit () myrealbox com> wrote: <SNIP>
Why not spend the time in researching how to correct security exploits in enforcing secure coding standards and forcing vendors to clean up their act and making their products work more efficiently and securely.
</SNIP> Precisely how do you think that the aforementioned "security exploits" are discovered? My experience has been that unless you know how to hack and how to look at your network from the outside like one of the bad guys, that you aren't going to have much of an idea of what is vulnerable, what is poorly coded, and what does not work efficiently and securely. 2 cents, Jimi --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Ethical Hacking Training, (continued)
- Re: Ethical Hacking Training Tim Gurney (Jan 20)
- RE: Ethical Hacking Training Rob Shein (Jan 20)
- Re: Ethical Hacking Training Don Parker (Jan 18)
- RE: Ethical Hacking Training Pete Herzog (Jan 19)
- Re: Ethical Hacking Training Mike Hoskins (Jan 20)
- RE: Ethical Hacking Training Teicher, Mark (Mark) (Jan 19)
- RE: Ethical Hacking Training DeGennaro, Gregory (Jan 19)
- Re: Ethical Hacking Training Meritt James (Jan 19)
- Re: Ethical Hacking Training Stormwalker (Jan 20)
- RE: Ethical Hacking Training Kurt (Jan 20)
- Re: Ethical Hacking Training Meritt James (Jan 19)
- Re: Ethical Hacking Training Don Parker (Jan 19)
- Re: Ethical Hacking Training Kevin Johnson (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 19)
- RE: Ethical Hacking Training S. Thomas (Jan 20)
- RE: Ethical Hacking Training DeGennaro, Gregory (Jan 20)
- Re: Ethical Hacking Training Hamish webhosting.net.nz (Jan 20)
- Ethical Hacking Training Daryl Davis (Jan 20)
- Re: Ethical Hacking Training Jeff Shawgo (Jan 20)
- Re: Ethical Hacking Training Chris Kirschke (Jan 20)
- RE: Ethical Hacking Training Kohlenberg, Toby (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 20)