Penetration Testing mailing list archives
RE: My Frustrations
From: "THOMAS, DEDRIC (ATTCLSMA)" <dt7089 () att com>
Date: Thu, 18 Dec 2008 15:42:48 -0600
I too understand all your frustrations and gripes, the true question is "What is considered a TRUE PEN-TESTER?" We all have our expertise in a particular forum and need assistance at times, but to leverage a forum that is truly for informational and discussion based theories I believe is "SAD" and in itself highlights your inability to do your job.

Not saying everyone should know everything, but you should take enough pride in becoming an ethical hacker to know that if you need help, solicit assistance from those who may be smarter than the average bear....lol...There's no way in this Industry, that if I'm having issues with a particular exploit that I would post that on a Public forum for someone to socially engineer my potential issues.

Only time will separate the Geeks from the Wanna-be's, and if you are really a geek, you get a high from the challenge of engineering or hacking an exploit, and you don't want to share that with no one!!!

Have a Geek Day! :-)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Besant
Sent: Thursday, December 18, 2008 3:58 PM
To: H D Moore
Cc: pen-test () securityfocus com
Subject: Re: My Frustrations

H D Moore wrote:
> On Wednesday 17 December 2008, Adriel T. Desautels wrote:
>> I recently wrote this blog entry and wanted to get some comments from readers of this list. I'm frustrated with the caliber of the people that are offering security services and posing as experts, that's the subject of the post. Please comment, insult, whatever... I'm interested.
>
> I agree with it for the most part - half the questions posed to this list would immediately disqualify the person as an expert, let alone a professional. The experienced folks tend to just post announcements or reply back to the former group. I would love to see this list turn back into real discussions of pen-testing challenges, but publicly asking for help on a job as reputation-centric as pen-testing carries a stigma of its own. The last thing you want a potential client to see is your lead pen-tester asking for help on a SQL injection vulnerability. I really don't see a way forward.
>
> -HD

I think an important issue is that many of the people posting those questions to the list are failing to avoid the trap of performing purely subjective assessments. Pen-testing still retains some aspects of a black art to many, including clients; as tools and "for dummies" guides proliferate and such tools become easier to use, it becomes easy for those with minimal experience to put forth a seemingly convincing sales pitch. This includes established professional services organisations and consultancies as well as smaller establishments; I have seen reports from these organisations that are very much the reformatted Nessus output referred to in earlier responses.

With this in mind I agree that there is no obvious way forward - unless some useful, international, easy-to-use, low-cost regulatory body were to suddenly pop into existence, perhaps.

--
Nick