THE 99¢ HEART SURGEON DILEMMA – How to fix penetration testing.

Presented at DerbyCon 1.0 (2011)

Let’s assume you need heart surgery. I hope you don’t, but let’s just stick with it for a minute. How much would you be willing to pay for someone to fix it, and who would you hire to do it? If you are a suicidal emo kid, please don’t answer, you are ruining the point here. People want someone knowledgeable to cut them open and sew them up, and they are willing to pay good money for it. Here are two things you don’t want: 1) You don’t want to hire some old drunk with a pocket knife and a sewing kit from the dollar shop who claims to fix your heart for 100 bucks. 2) You don’t want to hire the same guy for 100’000 bucks when he’s wearing a white coat and has shiny high-tech tools because the last guy paid in advance… What does this have to do with penetration testing? More than we like. I have met companies that invested thousands of dollars, expecting a pentest and getting a spiced-up Nessus report as a result. More subtle nuances of a “crappy pentest” might overlook essential threats and leave customers at risk with a false sense of security.


  • Stefan Friedli (Twitter: stfn42)
    Stefan Friedli is a senior security consultant and leads the red team at scip AG in Switzerland. He is also one of the founders of the PTES (Penetration Testing Execution Standard), which, much like this talk, tries to fix penetration testing. He also organizes the hashdays conference in Switzerland.
