From: Justin Ferguson (jnferguson gmail.com)
Date: Sat Jul 18 2009 - 04:28:59 CDT
> I'm a pentester, but I have to say that pentest is only the first stage when
> you show the impact and risk of an attack to justify a more extensive and
> white box based security plan.
I'm curious as to your reasoning for not just skipping the foreplay
assessment and selling the customer what they apparently needed in the
first place (whitebox review), and to consider the ethical
implications of charging your customer X thousand dollars for a
service which is just the precursor to the service they needed/you're
going to recommend at the end.
Sans DRM, anti-debugging/disasm, et cetera related engagements, why
would a blackbox assessment ever be better for improving the security
of a client?