What I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Tuesday, October 05, 2010

Bad Security Service Adds to the Losses After a Threat Succeeds

One funny thing I have learned is that several security vendors don't really test security effectively, even when contracted to do so. Others may say it's more a matter of jurisdiction or scope, but I think if you are paid to minimize risks for a corporation, you should do it at the best value possible.

This brings us to the topic of the pentest. A lot of vendors don't understand what a pentest is, and that affects their clients, leaving them at greater risk, because the vendors leave after telling them they are secure and so let them drop their guard.

One of the pentest reports I got hold of explained how there were open ports which they didn't, or were not able to, exploit, but which had holes as seen from a scanner. To keep it short: should a pentest report have false positives? No, it should have info on the entries that were used to get into the target.

The problem is that the above may require a team which is qualified, talented, intelligent and advanced in the field. Let me know your thoughts.


1 comment:

ID_M aka ..BLuR said...

There is no patch for human foolishness...
They just never learn.