Penetration Testing mailing list archives
Re: Penetration Testing - Human Factor
From: Joey Peloquin <joeyp () cotse net>
Date: Tue, 29 Aug 2006 15:11:55 -0500
StyleWar wrote:
> lol With respect, I think that's a greater commentary on your contracting methods than it is on what's available. The Pen-Tests I have run include
Yeah, well, I work for a fortune 50 company, and it's just come to my attention that my boss doesn't give a crap about whether our pen-testers "get in". He just doesn't want any work to do (read: audit items). He said, and I quote, "Your standards are too high, and you probably wouldn't be happy with any pen-tester we brought in." And yeah, I'm thinking what you're thinking..my CV is getting updated now.
> everything from physical, to logical, to social/administrative. The customer has had to opt out on specific methods and attack trees as part of the preengagement process. - StyleWar
Sounds great..exactly what we go through. Also sounds like you're not the cookie-cutter (Qualys/Nessus, Nikto, NMAP anyone) type contractor that Fortune 50 customers get stuck with. That said, we *did* have one good pen-test. ~2 years ago we paid ISS 40K; they had a trophy from an obscure, forgotten webapp within two days. I've also gotten a shitty pen-test from ISS, so YMMV.
-jp