Penetration Testing: Re: Verify Your Security Provider -- The truth behind manual testing.

[Tim <tim-pentest () sentinelchicken org>]

>       Anyway, I didn't say Only use facebook did I? Use any means
> possible.  Bottom line is though, if the company has researchers, then
> the company will have published advisories.  If they've done that, then
> you should be able to get a good idea of their capability by doing
> research on their research.
Yeah, I agree that something novel should be getting generated.
Perhaps a better way to go about obtaining it, is simply to ask your
vendor what research their consultants have published.  For instance
most of what I publish isn't tied directly to my company as I do quite
a bit of it on my own time.


>       Btw, if you comment on the blog, I might post it. :)
Call me old school, but I actually like mailing lists...

cheers,
tim

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------