Penetration Testing mailing list archives
RE: Verify Your Security Provider -- The truth behind manual testing.
From: "Geoff Galitz" <geoff () galitz org>
Date: Sat, 18 Jul 2009 11:14:15 +0200
But why wouldn't a company that offers penetration testing services offer up any research that it did in the form of advisories? What is the point of doing that research if you never use it to help vendors help their customers fix risks?
Sometimes a firm hires experts for penetration testing on spec for internal research. Some companies are being proactive about their security and resolving their issues before their customers or third parties discover them. Those advisories are typically kept private for internal research. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Verify Your Security Provider -- The truth behind manual testing., (continued)
- Message not available
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Justin Ferguson (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Mike Messick (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- Re: Verify Your Security Provider -- The truth behind manual testing. Mike Messick (Jul 18)
- Message not available
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 17)
- RE: Verify Your Security Provider -- The truth behind manual testing. Geoff Galitz (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Justin Ferguson (Jul 18)
- Re: Verify Your Security Provider -- The truth behind manual testing. Aarón Mizrachi (Jul 19)
- Re: Verify Your Security Provider -- The truth behind manual testing. Adriel T. Desautels (Jul 22)