Penetration Testing mailing list archives
Re: Verify Your Security Provider -- The truth behind manual testing.
From: Derek Fountain <derekfountain () yahoo co uk>
Date: Fri, 17 Jul 2009 22:35:47 +0100
However, I take issue with this:• Ask them for the names of their security experts and then use tools like Google, LinkedIn, Facebook and PIPL to do research on those experts. If nothing comes up then chances are their experts aren’t experts at all.
Yeah, I bristled at that too - apparently if you're not on those sites you can't be an expert!
I was actually more aggrieved on the final point: the assumption that an organisation that hasn't publicly demonstrated its research capabilities on a selection of websites can't perform quality testing. Maybe I misunderstand the point? It appears to be saying that in order to demonstrate my abilities I should be doing research on, er, unspecified things, then publishing the results of my research on the given vulnerability databases? Personally, I don't do "research" of that nature; what's the argument that says I need to do that in order to be able to do quality testing on client's systems?
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Verify Your Security Provider -- The truth behind manual testing., (continued)
- Re: Verify Your Security Provider -- The truth behind manual testing. Tim (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Tim (Jul 17)
- Message not available
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Justin Ferguson (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Mike Messick (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Mike Messick (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Tim (Jul 17)
- Message not available
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- RE: Verify Your Security Provider -- The truth behind manual testing. Geoff Galitz (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Justin Ferguson (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Aarón Mizrachi (Jul 19)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 22)