
Penetration Testing mailing list archives
Re: White box pentesting
From: Joey Peloquin <joeyp () cotse net>
Date: Wed, 01 Oct 2008 08:23:54 -0500
dimkovtrajce () yahoo com wrote:
> Hi pentesters,
>
> I am planning to spend a considerable time of my PhD (3 years) on developing a model/algorithm/tool that will help pen testers during white box penetration testing where they look at physical security of the building as well as pentesting when they are allowed to use social engineering. Before I start, I would like to know:
>
> 1. How often do you do whitebox pentesting?
> 2. How often are you pentesting physical security as part of the test?
> 3. How often are you allowed to use social engineering as part of the test?
>
> It will help me decide if I should continue working on this field, or switch to another.
>
> Thank you in advance,
> Dimkov
Hey Dimkov,

1. Rarely
2. Never
3. Almost never

In my experience, companies usually already know that physical security and susceptibility to social engineering are their weak spots, and aren't interested in paying us to tell them what they already know.
Furthermore, the vast majority of companies out there have a "check in the box" mentality and therefore do the bare minimum to satisfy whatever requirement is motivating them to do a PT in the first place. There are exceptions, of course, but day to day, I find this to be the prevailing attitude.
Good luck with your project.

-jp

--
"Companies will say, "We can Web 2.0ify your existing applications in 15 minutes - we've got a wrapper". These people are charlatans, and you should punch them in the face. They are taking your back-end database tiers and moving them to the perimeter." - Billy Hoffman, HPSW Security Labs