Do We Still Need Pen Testing? presented at CircleCityCon 2015

by Jeff Man,

Summary : "How to Give the Best Pen Test of Your Life" left me hanging. I wanted to ask questions, get clarification, and most importantly suggest an alternative view of the purpose and goals of pen testing. This presentation is a follow-on or rebuttal to that presentation. The goal is to promote a conversation about pen testing that takes it to a higher level than ordinarily considered. I review, based on Skoudis' presentation, the key components of the "perfect" pen test, but take it farther to discuss the purpose, goals, and desired outcomes for pen testing. I present my notion of an ideal pen test, what it could/should be, how I came to this conclusion, and offer some direction for the future of pen testing.