Dailydave mailing list archives
Re: New presentation is up: 0days: How hacking really works
From: Tom Parker <tom () rooted net>
Date: Tue, 1 Feb 2005 15:02:57 +0000 (GMT)
On Tue, 1 Feb 2005, Kevin Ponds wrote:
Excellent presentation. One thing that I've been turning over in my mind, and hopefully should bring up a decent discussion is this: Assume the not-so-distant future (or present) is ruled by 0day, which I totally agree with you on. What is the value-added from pen-testing/auditing?
uh. 0days have always been about, nothing is going to 'change' and the argument about the value of penetration testing is also not going to change, at least for the foreseeable. To this end, I find the inference that '0day will rule the future, so scanning for known issues is of no value', rather facetious. It's simple, you scope out a penetration test based on your customers needs, threat profile and budget. I dont think that there is any inference that this will create a state of 100% invulnerability, there never has been and there never will be. If you are dealing with a bank, the chances are that they are looking to either satisfy their internal or government audit dpt (in the UK the FSA for example) or just raise the bar a little. Or are you suggesting that folks leave the low hanging fruit right where they are, since there are 0days which effect them, so they're going to get owned anyway? -Tom _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- New presentation is up: 0days: How hacking really works Dave Aitel (Jan 29)
- Re: New presentation is up: 0days: How hacking really works Kevin Ponds (Feb 01)
- Re: New presentation is up: 0days: How hacking really works Tom Parker (Feb 01)
- Re: New presentation is up: 0days: How hacking reallyworks halvar (Feb 01)
- Re: New presentation is up: 0days: How hacking really works robert (Mar 19)
- Re: New presentation is up: 0days: How hacking really works Kevin Ponds (Feb 01)