Get started Bring yourself up to speed with our introductory content.

Are required tools and people available to complete work on schedule?

Resources like employees and tools can make or break a security site assessment. Learn what resources are necessary to complete the security site assessment on time.

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

Licensing for any software tools should be obtained specific to client. For example, commercial security vulnerability scanning tools typically require license keys specifically tailored to client IP addresses and/or URLs. Some of the more common tools used in security assessments include network scanners, Web application scanners, host assessment scripts, database analysis software, wireless access point detection gear, fuzzers and source/binary code review software. Specialists/technicians should be available as scheduled to perform their work so that downstream dependencies don't have to wait (e.g., the SQL expert should schedule his analysis so that the dependent Web application security review can also be completed in a timely manner).

Dig Deeper on Cybersecurity risk assessment and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.