Penetration Testing: Beware of Script Kiddies

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 3 p.m. (20 minutes).

Security audits are becoming more common among companies big and small, whether by choice or because compliance requires them. In many cases, these companies hire outside firms to come in and assess their systems to fulfill a requirement and check the box. The outcomes of the assessments vary from firm to firm, but do the results align? Does a successful assessment really measure how secure you are? Going through a security audit can be challenging and frustrating, and it can leave the company with more questions than answers. It is important to understand common findings, what a script finds, and what a true manual exploration can find. This talk will discuss findings from field assessments that top scanners and scripts did not detect and that led to partial or complete compromise.


Presenters:

  • William Bengtson
    William Bengtson is a Security Consultant for Cigital, Inc. specializing in Network and Red Team Assessments. Mr. Bengtson has over 7 years of experience in a variety of roles including Security Architect Lead, Application Developer, and Certification Lead. Mr. Bengtson has worked on a number of critical business line products and projects for Raytheon Company and Hewlett-Packard. Outside of his day-to-day work, Mr. Bengtson spends time researching new and innovative concepts in network and application security.