Most security assessments follow a structured methodology in that an initial meeting is held, an agreement is reached, and the assessment is performed. The assessment typically runs from three days to two weeks. Afterwards, a report is written and a meeting is held with the client to discuss the finding or findings.
Michael Gregg, as quoted in Ethical hacking and countermeasures: Network penetration testing intro
Today’s WhatIs.com Word of the Day is pen testing. It’s short for penetration testing, a strategy for finding security vulnerabilities.
Ironically, when I was a kid we used to play a game that involved pen testing. We called the game “spys.” A guy named Luke Reed and I would team up against our younger sisters and try to break into each other’s forts. One of the forts was a sauna and the other one was a garage, but that didn’t really matter. What mattered was doing reconnaissance to try and discover the enemy’s vulnerabilities so we could infiltrate their fort, get their valuable information (find out what they were talking about) and get out undetected. We played this game for entire summers.
If the enemy was getting too good at spying, we’d set up a pen test. Basically that meant talking Luke’s little brother into being a double-agent. He’d join our sisters’ team and pretend to be on their side so he could see how they were exploiting our own vulnerabilities and report back to us.
There was almost always a security hole. Literally. A hole between the garage and the sauna where the electrical wires ran. It let you pretty much hear everything that got said on the other side.
Ahh…the summers of youth. The times when “playing” meant “learning” and valuable life skills were being developed through intricate games filled with double-agents, treachery and lots of sneaking around between swims.
You know what Luke grew up to be?
A security director. For real.