Tag: penetration test

  • Defense through Offense, and how APT fits there

    I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…

  • Defining Penetration Testing

    I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating a solid definition of what penetration testing is. It has been a topic that has been abused, cannibalized, and lowered to a level where we (as in…

  • Learning from stux, and connecting more dots in infosec

    Learning from Stuxnet how we are exposed to similar attacks. Connecting the dots between technology, society, and the human factor when talking about cyberwarfare.

  • Pentesters and businessman are doing it wrong

    What we are doing wrong as a security services industry, what businesses are doing wrong when they engage us, and how to fix it

  • The realistic cost of a web application pen-test

    So I was having some really interesting conversations over the last couple of days with some of the best people I know in the security industry (yeah, I’m looking at you guys…), and one topic came up on which we all agreed and shared mutual frustrations about: the ability to evaluate the quality of a…