Educause Security Discussion mailing list archives
Re: Penetration Testing vs the academic world
From: Leandro Quibem Magnabosco <leandroqm () GMAIL COM>
Date: Fri, 13 Jan 2012 16:31:34 -0200
Hello!

2012/1/12 Morrow Long <morrow.long () yale edu>:
I recommend talking to faculty in the computer science departments at major universities.
Sure thing. I'll do that.
But, as a practitioner, here is some fertile ground for Master’s Thesis research papers in the area of computer and network penetration testing (AKA ‘extreme’ vulnerability testing):

- Building automated tools for maximum or complete test coverage.
- Proving the effectiveness of formal network penetration testing methodologies and frameworks.
- Analysis on how attackers attempt to break into computers (using honeypots or honeynets) in order to model their behavior using penetration testing.
- Proving or dispelling the practice/control/myth of password controls (quality, aging, etc.). Our faculty users are always asking us for peer-reviewed academic research papers showing us why they should have to change their password (every year). Unfortunately the best known recent paper on this topic by Microsoft researcher Cormac Herley and Paul C. van Oorschot (Carleton University, Ottawa, Canada) unfortunately tends to prove the opposite (that the cost and effort of password quality and aging often apparently aren’t worth it). I need someone to write a paper to prove that they are worth it – so will you go ahead and write it? [Just kidding…..]
  http://research.microsoft.com/apps/pubs/?id=154077
  http://research.microsoft.com/pubs/154077/Persistence-authorcopy.pdf (Preprint)
- I think another great research topic is on social engineering via social networks for penetration testing. Just for fun here is what I was able to find out what public information was on the Internet about you from some quick research / recon :
  - Google+ page : https://plus.google.com/104286409358585115635/about
    - There are 249 people’s photos and names listed in your Google+ ‘circles’. You may want to tighten this down.
    - There are another 244 people’s photos and names in which you are listed in their Google+ ‘circles’.
  - Google Buzz: https://profiles.google.com/104286409358585115635/buzz - mostly links to a number of YouTube and other videos
  - Picasa web album: https://plus.google.com/photos/104286409358585115635/albums?banner=pwa - almost no photos
  - YouTube Channel: http://www.youtube.com/user/leandroqm
    - You’ve uploaded 39 videos (they appear to be videos of your family) and listed 261 videos as your favorite.
  - Facebook: http://www.facebook.com/leandroqm
    - You were born on June 27, 1982. Come from Joaçaba <http://www.facebook.com/pages/Joa%C3%A7aba/111452215538605> in Brazil. Live currently in Florianópolis, Santa Catarina <http://www.facebook.com/pages/Florian%C3%B3polis-Santa-Catarina/106339232734991>, Brazil. You went to high school at the Colégio Coração de Jesus <http://www.facebook.com/pages/Col%C3%A9gio-Cora%C3%A7%C3%A3o-de-Jesus/102128923162345>. You like bicycling.
    - In music you like : Disturbed, Mudvayne, Phanatic, David Guetta and deadmau5.
    - In movies you like anime and sci fi. There is a list of movies and books (including some info security books).
    - You know Brazilian (Portuguese), Spanish, Japanese, English.
    - You appear to be identifying yourself as an atheist (but you are fairly young yet and that could change).
  - Twitter: http://twitter.com/leandroqm
    - You want to graduate with a Ph.D. and become a full-time pen tester and web apps security researcher.
    - You were asking about persistent threats as a research topic for a paper back in November.
  - About.me: http://about.me/leandroqm
  - Foursquare: https://foursquare.com/leandroqm
    - You ate at an Outback Steakhouse in Curitiba, PR and had an excellent house salad and thought the waitress Angel was an angel.
  - LinkedIn: http://www.linkedin.com/pub/leandro-magnabosco/15/54b/90a (244 connections)
    - You are a Master’s student in Computer Science at Universidade Federal de Santa Catarina (ufsc.br) which you entered in 2011 and from which you hope to graduate in 2014
    - Previously you attended :
      - Senai - Centro de Tecnologia em Automação e Informática
      - Universidade do Sul de Santa Catarina (undergraduate?)
    - You’ve worked as a consultant in the past for TIForte (2010/6 – 2011/10) and FCDL/SC (2009/6 – 2010/3).
    - …

Morrow
The first ones are more the style I'm looking for, so thank you. I liked all your suggestions, though some of them fit better in the industry world. Still taking more suggestions, if anyone has any! :) Thanks!