next up previous contents
Next: Integration into the IT Up: Pen-Tester : The job Previous: Pen-Tester : The job   Contents

Presentation

Pen-Tester is the abbreviation for Penetration-Tester. A Pen-Tester is a security specialist whose job it is to test a network, i.e. to try to penetrate into it and gain Administrative rights on it. That sounds a lot like hacking1, doesn't it ?

Technically, pen-testing and rooting2 a machine/network is almost the same. The main difference being that the pen-tester will try to avoid causing any kind of destruction (software as well as hardware) on the machines he hacks into. That means that, *theorically*, he won't ever crash any services on servers or try any attacks that could put a production unit down. Of course, a pirate wouldn't mind such operations, which could even be his end. Another point is that pen-testers don't use social engineering3 for ethical reasons.[3, FTPI]

In fact, the main difference between a pirate and a pen-tester is that he is payed to do so by the company. He is legally authorized to test the machines and does so for the wealth and the sake of the enterprise.

In fact, all this is precisely the strength of pen-testing : testing the networks using the same techniques as pirates but in a legal context. Indeed, this gives a much higher degree of safety to networks because they're tested the way they could be hacked. That is also what gives pen-testing its almost magical side given all the myth that surrounds pirates and their skills.


next up previous contents
Next: Integration into the IT Up: Pen-Tester : The job Previous: Pen-Tester : The job   Contents
Christian Vincenot 2004-04-12