INTRODUCTION
Today’s world runs on technology. Nearly every business benefits from – and relies on – technology in one form or another. The use of technology has brought tremendous advantages to society by making services, features and knowledge more readily available than ever before. We can communicate across the planet (and, in fact, across the universe) in seconds, and can effectively control millions of devices instantly – something we could never have done previously through simple human action.
The use of technology also, however, presents several risks to society. By using it, we develop a greater reliance on devices that lack the sense of judgment and discriminatory thought that a knowledgeable person would have. Such devices may provide us with erroneous data and cause us to make incorrect assumptions, errors in judgment or action, and possibly even seriously injure or harm society, finances and individuals.
To correctly deploy technology is a serious challenge – one that requires constant education, practice and testing. Moreover, the use of technology must always be seen in context. Technology is not an end in itself, it is not the magic answer to every problem, and it should never be implemented just for the sake of using a new tool or because it is available. Technology has one purpose, and that is to support the mission or objectives of the user/organization. As we will see through this book, the proper use of technology starts long before the technology itself is purchased. It starts with defining the business
objectives and then designing the best solution for to meeting those objectives.
Despite the best intentions of designers, architects, developers and operations staff, technology is still subject to failure, breaches and compromise. Equipment, processes and people require careful monitoring and regular testing to ensure that the systems, networks, applications, security equipment and other technologies are working in a secure, reliable manner, and that they are not presenting new opportunities for attack against the organization.
Testing is the key to providing assurance of the correct implementation and operation of technology, and this book will examine the skills and techniques used by a professional penetration tester to provide the accurate, thorough and meaningful reports that their clients or management teams need on the secure operation of systems and equipment.