At our next meeting, Tony will be giving his presentation titled:
Stupid Things Pentesters Do: Frustrations of an Internal Security Guy.
Many of us have heard about point-and-click pentesters and firms that deliver Nessus reports as penetration tests. That is not what this talk is about. It is about penetration testers not only failing to deliver value but also creating scenarios that create additional risk for their customers. Testing often creates availability concerns, but far more importantly, improper testing activities and ignorance of data handling can generate significant exposure of sensitive information. Even worse, customers don’t know what to expect from their consultants, and this disconnect creates a scenario where the business value they were hoping to realize never materializes and they never realize how badly they just got punk’d. And paid for the privilege. But at least the auditor is happy. Join us as we explore some of these issues and identify how customers can become smarter consumers, and how consultants can build a stronger brand and protect their customers’ interests. Truly, unicorns will fart rainbows and kittens and shellcode.