From: dave (daveimmunityinc.com)
Date: Tue Oct 27 2009 - 10:09:40 CDT
When you go into security consulting engagements with a new business
unit you usually face a few questions from the developers and business
owners. "What is it exactly that you're going to tell us?"
We always answer this the same way: "Things that will surprise you."
Most developers have read a lot about security these days - they
understand SQL Injection, Cross Site Scripting, access control, not to
use their own cryptographics, and all sorts of other security truisms.
What they can't possibly understand is how a hacker's mind works, and
what they're likely to find. Even security specialists who have only
worked defence often have never really seen a hacker go.
Largely I think this is because there's a difference between someone
playing cards with chips and someone with their house and life on the
line. People say penetration testing is a model of an attacker. But how
do you model obsession?
Dailydave mailing list