I am migrating Constantly Learning to Medium. This post will eventually be located there and deleted here. If you found this article interesting or helpful you can stay up-to-date with posts like this by following me at Medium.
Penetration Testing is Stupid
Organizations are convinced they need penetration tests before they actually do. If your organization doesn’t have a security person on staff, you don’t need a penetration test. If you know their is low-hanging fruit that hasn’t been fixed you don’t need a penetration test.
In theory, penetration tests are supposed to simulate real word attacks. But, the scope and rules of engagement mean the test isn’t simulating real world attacks.
The presentation focuses on the 5 W’s - who, what, when, where, and why of penetration tests.
Slides
Video
Coming Soon.
Design Notes
#69D2E7
#A7DBD8
#E0E4CC
#F38630
#FA6900
blog comments powered by Disqus