From: dave (dave immunityinc.com)
Date: Tue Oct 27 2009 - 10:09:40 CDT
When you go into security consulting engagements with a new business
unit you usually face a few questions from the developers and business
owners. "What is it exactly that you're going to tell us?"
We always answer this the same way: "Things that will surprise you."
Most developers have read a lot about security these days - they
understand SQL Injection, Cross Site Scripting, access control, not to
use their own cryptography, and all sorts of other security truisms.
What they can't possibly understand is how a hacker's mind works, and
what they're likely to find. Even security specialists who have only
worked defence often have never really seen a hacker go.
Largely I think this is because there's a difference between someone
playing cards with chips and someone with their house and life on the
line. People say penetration testing is a model of an attacker. But how
do you model obsession?
-dave
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave