Pen Testing - Moving from Art to Science

Presented at Notacon 8 (2011), April 16, 2011, 7 p.m. (60 minutes).

Pen Testing has evolved greatly over the years, but it is still more an art than a science. Tests performed by different professionals often yield wildly varied results. Even the same person or team repeating the same test can end up with different outcomes. This may cause a mess, and limits the value which can be derived from a Pen Test. To move our field forward we need to be able to produce measurable and consistent results. This talk will cover the art of Pen Testing and suggest a line we can draw to move this art form into the 21st century as a science.

Presenters:

• Matthew Neely
  Matt Neely is the Profiling Team Manager at SecureState where he leads a team that performs traditional and physical penetration tests, web application security reviews and wireless security assessments. Matt is a host on the Security Justice podcast, and spends his free time wearing kilts, hacking all things wireless and collecting pens.

Links:

• https://web.archive.org/web/20110518153329/http://www.notacon.org/speakers.php#MattN
• https://infocon.org/cons/notacon/notacon 8 - 2011/pen testing moving from art to science.mp4

Similar Presentations:

• DEF CON 16 (2008) / Pen-Testing is Dead, Long Live the Pen Test
• GrrCON 2014 / Application Pen Testing
• DerbyCon 3.0 All in the Family (2013) / So you want to be a pentester?