Dailydave mailing list archives
Re: Penetration Testing considered harmful today..
From: Val Smith <mvalsmith () gmail com>
Date: Mon, 19 Mar 2012 23:03:44 -0600
Sounds very similar to things I've been saying in my talks for years, particularly the part about not simulating real attackers. Specific adversary attack simulation is something we happen to do well, mostly because we also do a lot of incident response and simulator development based on what we see in incidents. Fewer pentest orgs do IR, especially not full binary RE based IR, so it's hard for them to transition to attack sims.

Also, common engagement scoping is not conducive to the most beneficial and complete styles of testing. Real testing is EXPENSIVE and takes a long time. Thankfully we are lucky with smart and forward-thinking customers, but in the industry there are definite signs of a bubble when it comes to traditional tests. Standard pentests are nearly useless (for big business) and often detrimental.

Tnx for the thought-provoking talk.

V.

Haroon Meer <haroon () thinkst com> wrote:
Hiya(s)

(This bounced around the twitters all day today but figured it would be interesting to hear thoughts from DD)

At 44Con-2011 we did a presentation titled: "Penetration Testing considered harmful today"

The central thesis of the talk is that penetration testing has established itself as a necessary activity for securing a network and is now pushed forward by a multi million dollar industry despite the clear signs that it is not helping all that much.

A link to the annotated slides and the video can be seen at:
http://blog.thinkst.com/2012/03/penetration-testing-considered-harmful.html

/haroon

--
Haroon Meer | Thinkst Applied Research
http://thinkst.com/pgp/haroon.txt
Tel: +27 83 786 6637
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
http://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Penetration Testing considered harmful today.. Haroon Meer (Mar 19)
- <Possible follow-ups>
- Re: Penetration Testing considered harmful today.. Val Smith (Mar 21)