Home page logo

pen-test logo Penetration Testing mailing list archives

Re: RE: What is being a pen tester really like? (fwd)
From: paul_boam () yahoo com
Date: 3 Aug 2006 12:30:42 -0000

The best pen testing firms impose QA through CESG CHECK team leaders. Unfortunately that doesnt protect you as the 
customer from either the pen tester having a bad day/hangover or a new vulnerability or better tool/exploit occuring 30 
minutes after your pen test has just finished.

If I had just run nmap against a target and found all but 80 and 443 open with everything else filtered, no old 
OS/versions and nikto came back with what turned out to be 10000 false positives I would be inclined to look for an 
easier target.

All of these results are relatively easily implemented through anti reconnaisance techniques. These techniques make 
sure that the target is not attractive to a would be attacker and although they dont replace a proper layered security 
architecture, they do significantly reduce the threat. Anyone playing iso27001 will see the risks drop significantly, 
and whats more it's easier to teach people to harden than it is to pen test, which is often intuitive once you get past 
a tools capability.

Pen testing has been described as a burglar finding the open window, then spending most time explaining how he stole 
the video recorder, dvd, tv, fridge, etc etc etc.... you could stop all this however by closing and locking the window. 
You could even put a dummy burglar alarm up outside if you get my drift.

Before embarking on a career in pen testing take a look at a career in hardening. Its of much greater value to the 
client in every sense.


This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]