• DocumentCode
    1007790
  • Title

    About Penetration Testing

  • Author

    Bishop, Matt

  • Author_Institution
    California Univ., Davis
  • Volume
    5
  • Issue
    6
  • fYear
    2007
  • Firstpage
    84
  • Lastpage
    87
  • Abstract
    Students generally learn red teaming, sometimes called penetration testing or ethical hacking, as "breaking into your own system to see how hard it is to do so". Contrary to this simplistic view, a penetration test requires a detailed analysis of the threats and potential attackers in order to be most valuable. Using the results of penetration testing requires proper interpretation. Neither testers nor sponsors should assert that the penetration test has found all possible flaws, or that the failure to find flaws means that the system is secure. All types of testing can show only the presence of flaws and never the absence of them. The best that testers can say is that the specific flaws they looked for and failed to find aren't present: this can give some idea of the overall security of the system's design and implementation.
  • Keywords
    computer crime; computer science education; ethical aspects; computer security education; ethical hacking; penetration testing; Computer crime; Degradation; Information security; Permission; Privacy; Protection; System testing; Vehicles; education; ethical hacking; hacking; penetration testing; red teams;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2007.159
  • Filename
    4402456