Dailydave mailing list archives
B. Aggressive. B. E. Aggressive. (or "One 0day is enough")
From: dave <dave () immunityinc com>
Date: Tue, 27 Oct 2009 11:09:40 -0400
When you go into security consulting engagements with a new business unit you usually face a few questions from the developers and business owners. "What is it exactly that you're going to tell us?" We always answer this the same way: "Things that will surprise you."

Most developers have read a lot about security these days - they understand SQL Injection, Cross Site Scripting, access control, not to use their own cryptographics, and all sorts of other security truisms. What they can't possibly understand is how a hacker's mind works, and what they're likely to find.

Even security specialists who have only worked defence often have never really seen a hacker go. Largely I think this is because there's a difference between someone playing cards with chips and someone with their house and life on the line.

People say penetration testing is a model of an attacker. But how do you model obsession?

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave