Access "How to pen test: Why you need an internal security pen testing program"
This article is part of the July/August 2012 issue of Establishing an effective internal security pen testing methodology
In today's complex security landscape, new threats are emerging on a regular basis, and we have more vulnerabilities than ever before. As part of a sound security program, most mature security teams have developed a vulnerability management program that includes network and application scanning, patching, and risk assessment. However, many organizations are now asking themselves if it's time to take these programs to the next level by adding penetration testing capabilities into the mix. For many reasons, ranging from compliance mandates to improved vulnerability and threat intelligence, the answer should be a resounding “yes.” Yet there’s often some confusion on how best to approach pen testing, what kinds of skills are needed, the tools to use, how often to do it, and what the process should look like in general. We’ll clarify best practices for security pen testing and explain how to build an internal testing program and measure its success. Why you need an internal pen testing team There are many reasons why organizations should seriously consider ... Access >>>
Premium Content for Free.
How to pen test: Why you need an internal security pen testing program
by Dave Shackleford
Learn pen testing best practices and how to build an internal pen testing team.
Securing SharePoint: SharePoint security best practices
by Marcia Savage, Editor
SharePoint has become ubiquitous in the enterprise, but organizations can overlook security. Learn SharePoint security best practices in this article.
Talk of cyberwarfare threats heats up with Flame malware
by Robert Westervelt, News Director
Experts say malware toolkit isn’t unique, but warn of cyberweapons falling into the wrong hands.
- How to pen test: Why you need an internal security pen testing program by Dave Shackleford
Big data security analytics: Harnessing new tools for better security
by Scott Crawford, Contributor
New techniques are emerging to help organizations analyze security data and improve security defenses.
Three steps for securing SharePoint
by Brien Posey
Restricting user permissions, server hardening and dedicated service accounts are critical.
- Big data security analytics: Harnessing new tools for better security by Scott Crawford, Contributor
Gary McGraw on mobile security: It’s all about mobile software security
by Gary McGraw, Contributor
Mobile systems have a lot of moving parts, but securing them is as simple as practicing software security.
Cyberspace protection requires government collaboration with industry
by Riley Repko, Contributor
Government and private sector collaboration is critical to surviving in cybespace.
LinkedIn password leak: Lessons to be learned from LinkedIn breach
by Marcia Savage
Breach at the professional networking site highlights password practices, storage procedures.
- Gary McGraw on mobile security: It’s all about mobile software security by Gary McGraw, Contributor
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...