Similarly, with automated vulnerability scanning tools, you may find missing patches and misconfigurations, but that's not the entire picture. I write often on the importance of using good tools to find security vulnerabilities. I strongly believe we can't live without them. The problem is it's easy to stop at automated vulnerability scans assuming they're omniscient. This is not true.
Without manual checks through the eyes of a malicious user or external attacker, we won't know which vulnerabilities can actually be exploited in the context of our networks. We also won't be able to see other usability-centric flaws that no tool would ever find.
Security assessments and five mistakes to avoid
Home: Introduction
About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com>.
Email Alerts
This was first published in May 2007
