Description: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-banks-carric.pdf
This talk explores the death and subsequent re-birth of the penetration test. Comprised of conclusions drawn from the collective experiences of two seasoned pen-testers, our talk is filled with facts, fun and rhetoric. We will describe the landscape, the problems, and offer real solutions.
In our talk, we will explore the problems with modern-day pen-tests and pen-testers, and ways to stand out amongst the frauds selling their lackluster vuln-scan services under the guise of a true penetration test.
We discuss penetration tests that are overly tool-driven and/or lacking in methodology as well as pen-testers who lack the experience and creativity to identify the architectural problems that real attackers frequently exploit.
Along the way, we'll discuss the difficulties faced by real penetration testers and complement these with real-world war-stories to provide both context and comic relief.
Most importantly, we'll discuss how to solve these problems, through contributions to open methodologies, transparency in process, and shifts in technological paradigms. We'll tell you how to deal with the latest technologies, even those that change day-by-day. For those that take penetration testing seriously, this talk will be a fun, informative and enlightening presentation on the things we need to do to keep pen-testing worthwhile. Attendees will learn how to perform pentests accurately and obtain compelling and valuable results that ensure real return on investment for their clients.
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 16 , Defcon 16 , dc-16 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.