Description
Penetration testing is the practice of stress testing a network for vulnerabilities. It is very important for companies to understand their infrastructure before an incident occurs. Incidents include anything from a password being lost, personal data being improperly discarded, or even providing the wrong level of access to a resource to an employee. With proper testing and understand of the infrastructure and supporting organization, many risks can be mitigated and prove extremely useful in the long term. This is a comprehensive discussion on concepts, technologies and tools, social engineering and execution of a penetration test.
The link above will retrieve for you a white paper that I wrote discussing penetration testing methodologies and corporate justification in the Summer of 2005. My research was eventually used for a presentation that I was able to give at the first DC480Convention at UAT.
Lessons Learned
The research that I conducted showed me much more than simply how and why to conduct a penetration test. Communicating the necessity, usefulness, and pro-active security model to corporations is not an easy task, but when presented in the right way can save enormous amounts of time and money, potentially mitigating a business continuity disruption.