Penetration Testing mailing list archives
Re: Verify Your Security Provider -- The truth behind manual testing.
From: Justin Ferguson <jnferguson () gmail com>
Date: Sat, 18 Jul 2009 02:28:59 -0700
I'm a pentester, but I have to say that pentest is only the first stage when you show the impact and risk of an attack to justify a more extensive and white box based security plan.
I'm curious as to your reasoning for not just skipping the foreplay assessment and selling the customer what they apparently needed in the first place (whitebox review), and to consider the ethical implications of charging your customer X thousand dollars for a service which is just the precursor to the service they needed/you're going to recommend at the end. Sans DRM, anti-debugging/disasm, et cetera related engagements, why would a blackbox assessment ever be better for improving the security of a client?