Penetration Testing mailing list archives

Re: Verify Your Security Provider -- The truth behind manual testing.


From: Derek Fountain <derekfountain () yahoo co uk>
Date: Fri, 17 Jul 2009 22:35:47 +0100

However, I take issue with this:

• Ask them for the names of their security experts and then use tools like Google, LinkedIn, Facebook and PIPL to do research on those experts. If nothing comes up then chances are their experts aren’t experts at all.

Yeah, I bristled at that too - apparently if you're not on those sites you can't be an expert!

I was actually more aggrieved on the final point: the assumption that an organisation that hasn't publicly demonstrated its research capabilities on a selection of websites can't perform quality testing. Maybe I misunderstand the point? It appears to be saying that in order to demonstrate my abilities I should be doing research on, er, unspecified things, then publishing the results of my research on the given vulnerability databases? Personally, I don't do "research" of that nature; what's the argument that says I need to do that in order to be able to do quality testing on client's systems?
