Ask the Expert

Considerations for hiring hacker teams for penetration testing

I would like to know more about hacker teams who hire themselves out to companies to conduct permitted hacks of their systems. Where can I find information about them? What are the advantages and disadvantage of these teams of hackers?

    Requires Free Membership to View

Be very careful with this one! While there are many reputable companies who conduct so-called "penetration tests," there are also a lot of charlatans in this business. You need to do a thorough background check of any ethical hacking company you hire to penetrate your organization. You are giving these folks carte blanche to attack your systems. Ask them what their practices are regarding hiring ex-criminals. Ask them about their own background check procedure. Look for folks working at large, reputable consulting firms. Ask them about liability; what financial backing do they have if something goes awry?

Keep in mind, though, that penetration testing can be a very good thing, as it can help you find vulnerabilities before the bad guys do. The advantages include getting a "hacker's-eye" view of your security, where the rubber meets the road. The disadvantage is that your results will be a snapshot in time when you ran the test and won't reflect your environment next week. So, I recommend proceeding, but with caution.


For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Think twice about hiring a 'white-hat' hacker
News & Analysis: Audits confirm enterprise security
Featured Topic: Penetration testing


This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: