Vincent Liu authors Penetration Testing: The White Hat Hacker in the July 2007 issue of the ISSA Journal.

ISSA Journal - July 2007 - Penetration Testing: The White Hat Hacker (810 downloads)

Most people attempt to define penetration testing as a network attack against an Internet DMZ with the goal of breaking into the internal network. Fundamentally, however, penetration testing is properly defined as the simulation of an attack against a target network or application, encompassing a wide range of activities and variations. Some of these variations include simulating an insider threat as opposed to an external attacker, varying the amount of target information provided in advance of the testing, and deciding whether the IT security staff will be made aware of – and possibly react to – the testing.