a) We will do for you a Polymorphic Testing
There is nothing like Polymorphic Testing. There are three types of testing: Blackbox, Whitebox and Graybox. Polymorphic is part of Advanced Persistent Threat Assessment, which is mainly used in BlackBox Penetration Testing. It works together with Social Engineering Assessment, RedTeam Assessment and External Assessment.
b) We will do a BlackBox Assessment
There is nothing ever, forever ever called Blackbox Assessment. This is used by a lot of companies to justify why they can't use other Assessments to issue a full test on your organization. It's called BlackBox Penetration Testing.
c) Red Team is not a part of Testing
F%^%&^&& sh%%^%!!! Red Team Assessment is part of BlackBox. Blackbox comes from the word Blackhat, and who are the biggest Blackhats ever? Yes, the Government. They do all this on you a lot. Protect yourself from these guys, especially the Rogue Government operators.
d) We will do a Pentest in 3, 4, 5, 10 days
Holy sh*$^!! Who does that!!!!
e) We need your IP Address and Links to perform the BlackBox
Well, Blackbox is my specialism and I know asking for IPs and system information during BlackBox Penetration Testing is a NONONO!!! I have heard companies that do Security ask for these. Whenever I hear this, and whenever they ask for such info, yes, a Kitten dies.
f) We can do a Code Review in One Day
Actually, I heard this the other day and I almost puked. Unless it's just 100 to 200 lines of code, this is a bullshitter bullshitting other bullshitters.
g) Too Much PaperWork
Most of the Pentest reports go to techies in the firm to fix the issues. Do you think they read these reports? This is just a way to show you they worked, when everything on that report is nmap and telnet grabbing banners and the CEOs can't understand anything, so they take advantage of that.
Quality is better than anything to a client. Do real Penetration testing; people are reading this blog and others, and they will soon know they are getting conned, with their skirts up on the streets.
h) Internal Blackbox
There is nothing like Internal Blackbox Penetration testing. When you are working from a client office, that's either Gray Box or White Box.
KEEP IT REAL