
That's hiring a pen tester, and there is a market for it, but companies don't do it as much as they should because it costs money while the app already "works" and brings in revenue. Of the 3 I've worked at, only one had yearly pen tests done.


No one hires someone to test what happens when a bridge is shot with a missile from 6000 miles away. The bridge "works" in the same way that the software "works".


A software penetration tester has the same techniques and suite of tools for pwning as "the internet".


I don't see how that statement follows mine. Can you connect them at all?


I thought you were making the comparison that a pentester is like a missile shot at a bridge whereas the internet is the army walking over the bridge.


Oh, I see. No, the missile is a hacker attacking your software remotely. Bridges are just accepted that they will collapse if deliberately attacked by a determined attacker. Software is held to a higher standard, not a lower one.



