Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Penetration Testing - Human Factor
From: Joey Peloquin <joeyp () cotse net>
Date: Tue, 29 Aug 2006 15:11:55 -0500

StyleWar wrote:
lol

With respect, I think that's a greater commentary on your contracting
methods than it is on what's available. The Pen-Tests I have run include

Yeah, well, I work for a fortune 50 company, and it's just come to my
attention that my boss doesn't give a crap about whether our pen-testers
"get in".  He just doesn't want any work to do (read: audit items).  He
said, and I quote, "Your standards are too high, and you probably wouldn't
be happy with any pen-tester we brought in."

And yeah, I'm thinking what you're thinking..my CV is getting updated now.

everything from physical, to logical, to social/administrative.  The
customer has had to opt out on specific methods and attack trees as part of
the preengagement process.

-

StyleWar

Sounds great..exactly what we go through.  Also sounds like you're not the
cookie-cutter (Qualys/Nessus, Nikto, NMAP anyone) type contractor that
Fortune 50 customers get stuck with.

That said, we *did* have one good pen-test.  ~2 years ago we paid ISS 40K;
they had a trophy from an obscure, forgotten webapp within two days.  I've
also gotten a shitty pen-test from ISS, so YMMV.

-jp


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]