The current security model is crazy. And the current crazy testing
methods actually make it look like it's not. I think that's why so
many people fail to see how broken the current consumer-ready security
model is. Look at the current attacks and how security companies, even
HUGE ones with their security measures and countermeasures built on
this model, are letting the people hang.
This is how to pen test that scenario. This is how to pen test crazy.
The whole article is available at:
https://www.infosecisland.com/blogview/14651-How-to-Pen-Test-Crazy.html
Sincerely,
-pete.
--
Pete Herzog - Managing Director - pete@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org
Actually, for a Pen-Test Standard, the guys that came up with this
standard are well-known, and spoke at Source Boston just a few months
ago. If you want to know how a real Pen-test should be conducted and
what it should contain, and would like to contribute to the discussion,
I would check out the page below.
http://www.vulnerabilitydatabase.com/2011/05/pen-test-standard-alpha-released/
Z
Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:eziots@lifespan.org
Cell:401-639-3505
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Pete
Herzog
Sent: Monday, June 20, 2011 3:42 PM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] How to Pen Test Crazy