Information Security News mailing list archives

Tiger Team Member Attacks Developers, Not Apps


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 26 Sep 2008 04:17:26 -0500 (CDT)

http://www.darkreading.com/document.asp?doc_id=164643

By Kelly Jackson Higgins
Senior Editor
Dark Reading
SEPTEMBER 25, 2008

Chris Nickerson can gain access to a Web application without ever 
touching it -- with just the right amount of reconnaissance, the 
so-called Tiger Team hacker can infiltrate the development team and 
compromise their machines.

“I can get into the application from the back side while on the outside, 
without touching” the app, says Nickerson, who gave attendees of the 
Open Web Application Security Project (OWASP) USA conference in New York 
today a taste of what he considers the big-picture cyber threats to 
organizations: targeted attacks for money or corporate espionage. 
“Closing all the holes in a Web application doesn’t make you secure,” he 
says.

Most Web application security testing is focused on searching for 
vulnerabilities, he says, but that’s not as comprehensive as his brand 
of tiger team, or red team, testing that assesses physical and 
electronic security as well as social engineering weaknesses. “Red 
teaming provides comprehensive testing.”

Nickerson, who along with colleagues Ryan Jones and Luke McOmie starred 
in the reality TV show Tiger Team that aired briefly on CourtTV, says 
the red team testing approach is more realistic for assessing the risks 
to an organization.

[...]
