Dailydave mailing list archives

Re: New presentation is up: 0days: How hacking really works


From: Tom Parker <tom () rooted net>
Date: Tue, 1 Feb 2005 15:02:57 +0000 (GMT)


On Tue, 1 Feb 2005, Kevin Ponds wrote:

> Excellent presentation.
>
> One thing that I've been turning over in my mind, and hopefully should
> bring up a decent discussion is this:
>
> Assume the not-so-distant future (or present) is ruled by 0day, which
> I totally agree with you on.  What is the value-added from
> pen-testing/auditing?

uh. 0days have always been about, nothing is going to 'change' and the
argument about the value of penetration testing is also not going to
change, at least for the foreseeable. To this end, I find the inference
that '0day will rule the future, so scanning for known issues is of
no value', rather facetious. It's simple, you scope out a penetration
test based on your customer's needs, threat profile and budget. I don't
think that there is any inference that this will create a state of 100%
invulnerability, there never has been and there never will be. If you
are dealing with a bank, the chances are that they are looking to either
satisfy their internal or government audit dpt (in the UK the FSA for
example) or just raise the bar a little.

Or are you suggesting that folks leave the low hanging fruit right where
they are, since there are 0days which affect them, so they're going to
get owned anyway?

-Tom
