what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Monday, February 10, 2014

TYPES OF ASSESSMENTS INVOLVED IN BLACKBOX

As a specialist of Blackbox,  i have been asked by several Security Consultants and others have actually gone public against my methods of Testing due to that these methods are adequate and if Organizations and Clients  who ask for such consultations learn the real ways to do Blackbox, they would actually walk away with business and invest in a better resource of Information Risk.


So Blackbox is type of Security Testing, which is different from Graybox Penetration testing and Whitebox Penetration Testing. Though Gray box, have several similarities with Blackbox, then always remember these are not assessments, so if you hear a consultant telling you, he/she will do Blackbox Assessment, they either do not know what they are talking about, or they are just trying to find a way to con you some money, because there is nothing called Blackbox Assessment, or Gray box Assessment. Also remember company Script Kiddles will say this a lot and hide behind their company names or even certifications.

So lets list the types of Assessments that you should have on a report when you are having a Black Box Penetration Testing;

1. External Assessment
2. Redteam Assessment
3. Advanced Persistence Threat Assessment
4. Web Application Assessment
5. Social Engineering Assessment
6. Surveillance and Recovery Assessment
7. Databases Security Assessment
8. Social Media Security Assessment
9. Online Reputation Assessment (Optional, depends with the type of client)
10. Covert Data Acquisition Assessment
11. Wireless Security Assessment


What i will do, i will post each Assessment that is not clear to anyone who asks about it, as an entry of each blog in the course of the week, i will also be speaking at AfricaHaCKon about blackbox, check http://www.africahackon.com/ for more information

There is also this assumption people have about the time to be allocated when testing, personally i will insist on good time, e,g like the current blackbox we are doing started on December and we are still on it this Feb

Lets give the clients what they really need, and not what you think they want and better our country and Africa as a whole, the better we make it, the better it will be for our children and their children and we will set a good example for everyone.

Kindly,

./Chucks

No comments: