Q

Considerations for hiring hacker teams for penetration testing

I would like to know more about hacker teams who hire themselves out to companies to conduct permitted hacks of their systems. Where can I find information about them? What are the advantages and disadvantage of these teams of hackers?

Be very careful with this one! While there are many reputable companies who conduct so-called "penetration tests," there are also a lot of charlatans in this business. You need to do a thorough background check of any ethical hacking company you hire to penetrate your organization. You are giving these folks carte blanche to attack your systems. Ask them what their practices are regarding hiring ex-criminals. Ask them about their own background check procedure. Look for folks working at large, reputable consulting firms. Ask them about liability; what financial backing do they have if something goes awry?

Keep in mind, though, that penetration testing can be a very good thing, as it can help you find vulnerabilities before the bad guys do. The advantages include getting a "hacker's-eye" view of your security, where the rubber meets the road. The disadvantage is that your results will be a snapshot in time when you ran the test and won't reflect your environment next week. So, I recommend proceeding, but with caution.


For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Think twice about hiring a 'white-hat' hacker
News & Analysis: Audits confirm enterprise security
Featured Topic: Penetration testing


This was first published in September 2002

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close