Are required tools and people available to complete work on schedule?

Resources like employees and tools can make or break a security site assessment. Learn what resources are necessary to complete the security site assessment on time.

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

Licensing for any software tools should be obtained specific to client. For example, commercial security vulnerability scanning tools typically require license keys specifically tailored to client IP addresses and/or URLs. Some of the more common tools used in security assessments include network scanners, Web application scanners, host assessment scripts, database analysis software, wireless access point detection gear, fuzzers and source/binary code review software. Specialists/technicians should be available as scheduled to perform their work so that downstream dependencies don't have to wait (e.g., the SQL expert should schedule his analysis so that the dependent Web application security review can also be completed in a timely manner).

This was first published in May 2008

Dig deeper on Introductory Security Services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close