http://www.itworld.com/penetration-testing xx http://www.itworld.com/security/78688/why-pen-testing-is-central-states-app-security Fortify Co-Founder and Chief Scientist Brian Chess made a stir last year when he predicted -- incorrectly, so far -- that penetration testing would be a dead art in 2009. Among those who shrugged off the suggestion was Robert Maley, CISO for the Commonwealth of Pennsylvania. http://www.itworld.com/security/78688/why-pen-testing-is-central-states-app-security#comments Security Interview penetration testing Wed, 23 Sep 2009 20:35:30 -0400 ITworld staff 78688 at http://www.itworld.com http://www.itworld.com/security/65853/3-ways-penetration-testing-helps-dlp-and-2-ways-it-doesnt Penetration testing's future has been caught in heated debate recently, sparked by Fortify Co-Founder and Chief Scientist Brian Chess' prediction that the practice would die off this year. Many IT security practitioners rose to pen testing's defense, calling it an indispensible tool for uncovering data breach attempts from inside and outside the organization. The truth is somewhere in the middle. http://www.itworld.com/security/65853/3-ways-penetration-testing-helps-dlp-and-2-ways-it-doesnt#comments Security Feature data protection penetration testing Mon, 06 Apr 2009 09:35:28 -0400 ITworld staff 65853 at http://www.itworld.com http://www.itworld.com/security/64502/fuzzing-and-product-security Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding use of fuzzing in to their questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar. http://www.itworld.com/security/64502/fuzzing-and-product-security#comments Security Best practice analyst fuzzing penetration testing QA research security testing Wed, 18 Mar 2009 04:40:30 -0400 Ari Takanen 64502 at http://www.itworld.com http://www.itworld.com/security/59316/penetration-testing-dead-2009 Penetration testing: Security experts mention it all the time as one of the essential tools of defense-in-depth. Companies have raked in the dough selling the service and the tools for years. But is it possible that penetration testing -- the art of probing company networks in search of exploitable security holes that can then be fixed -- is an idea whose time is about to expire? http://www.itworld.com/security/59316/penetration-testing-dead-2009#comments Security Feature defense in depth penetration testing Tue, 16 Dec 2008 14:05:44 -0500 ITworld staff 59316 at http://www.itworld.com