Presented at
DeepSec 2013 „Secrets, Failures, and Visions“,
Unknown date/time
(Unknown duration)
In pentest/sec-audit projects main risk is not to fail to penetrate the system or find vulns in big enough software product, but to get your task right and explain your findings to the customer. Problem comes in many faces and on every phase of the project: goal setting from customer, system outline by IT, discussing progress or final presentation.
Missing means of communication or misuse of known is widespread tools of analysis and data representation is often the key to this problem: you can't discuss codes as is with CEO or explain your world of social enginiring tricks to system architect using charts.
This talk will cover what works and what fails in our day by day practice in pentest, security audit, forensics starting from general concepts and tools of analytics (text, charts, SWOT, gap) to domain-specific favorites adopted for our practice from OSSTMM, PTES, CSC.
Presenters:
-
Alexey Kachalin
- Advanced Monitoring
Over ten years in IT security testing and benchmarking, security audit, research and development.
Areas of interest: network security (attacks and detection), threat analysis, malware, cryptography, security audit.
Chief Inspirator in AdvancedMonitoring company managing security-related projects to happen and deliver worthy and actionable results.
Links: