Dailydave mailing list archives

Re: New presentation is up: 0days: How hacking really works


From: Ron Gula <rgula () tenablesecurity com>
Date: Tue, 01 Feb 2005 16:35:00 -0500

At 04:17 PM 2/1/2005, Kevin Ponds wrote:
> I'm not suggesting that you guys should quit your jobs, or that deep
> pen-testing isn't value adding.  I just think that these guys who come
> in, start their automated scanning tool (which is usually rebranded
> nessus), get drunk while it's running, and collect money are kind of
> worthless.

Yeah, but lots of folks are used to paying large sums of money
for this so they are "compliant". Even if I can sprinkle the IBM
magic pixie dust on all my systems so they are patched 100% 24x7,
I still need to prove this to the auditors who are in my hair.

If things get *that* good from a patch level, we'll probably start
to focus more on network change as in - gee, your web server does
not have any known vulnerabilities, but what business function
does it really serve?

Ron Gula

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

