7MS #368: Tales of Pentest Fail
7 Minute Security24 Juni 2019

7MS #368: Tales of Pentest Fail

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

In today's episode, I toss myself under the proverbial security bus and share a tale of pentest fail. Looking back, I think the most important lessons learned were:

  • Scope projects well - I've been part of many over- and under-scoped projects due to PMs and/or sales folks doing an oversimplified calculations, like "URLs times X amount of dollars equals the SOW price." I recommend sending clients a more in-depth questionnaire and even jump on a Web meeting to get a nickel tour of their apps before sending a quote.

  • Train your juniors - IMHO, they should shoulder-surf with more senior engineers a few times and not do much hands-to-keyboard work at first (except maybe helping write the report) until they demonstrate proficiency.

  • Use automated pentest tools with caution - they need proper tuning/care/feeding or they can bring down Web sites and "over test" parameters.

Avsnitt(693)

7MS #29: Follow Up Then (audio)

7MS #29: Follow Up Then (audio)

This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then! Download: 7MS #29: Follow Up Then (audio)

11 Okt 20147min

7MS #28: Infosec for Kids? (audio)

7MS #28: Infosec for Kids? (audio)

This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind. Specifically, what’s life going to be like for them growing up in an Internet-soaked world where there are constantly text/video/photos of them going online – to stay forever? Download: 7MS #28: Infosec for Kids?…

27 Sep 20147min

7MS #27: Backing Up with CrashPlan (audio)

7MS #27: Backing Up with CrashPlan (audio)

Hey, when it comes to backups…uh…you should have them! This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan. Download: 7MS #27: Backing Up with Crashplan (audio)

20 Sep 20147min

7MS #26: The Importance of Training and Awareness (audio)

7MS #26: The Importance of Training and Awareness (audio)

Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priority. This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.” Download: 7MS #26:…

13 Sep 20147min

7MS #25: Writing Better Pentest Reports (audio)

7MS #25: Writing Better Pentest Reports (audio)

This episode talks about some pointers, tools and tips towards writing better pentest reports. Download: 7MS #25: Writing Better Pentest Reports (audio)

23 Aug 20148min

7MS #24: Why Wireless Scares Me (audio)

7MS #24: Why Wireless Scares Me (audio)

This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web. Download: 7MS #24: Why Wireless Scares Me (audio)

16 Aug 20147min

7MS #23: OSCP – part 2 (audio)

7MS #23: OSCP – part 2 (audio)

In this episode I talk more about my adventures with OSCP and Offensive Security! . Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My understanding is that extra effort could be rewarded if you don’t do so hot on your final exam. Buffer overflows make…

9 Aug 20147min

7MS #22: Phishing with Black Squirrel (audio)

7MS #22: Phishing with Black Squirrel (audio)

In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool discussed in this podcast. I’ve been using it for phishing campaigns and it’s been excellent in that capacity.

27 Juli 20147min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
rss-krimstad
p3-krim
fordomspodden
olyckan-inifran
flashback-forever
rss-viva-fotboll
svd-dokumentara-berattelser-2
motiv
rss-sanning-konsekvens
rss-vad-fan-hande
aftonbladet-daily
mannen-utan-spar
rss-frandfors-horna
dagens-eko
rss-krimreportrarna
rss-svalan-krim
rss-flodet
rss-klubbland-en-podd-mest-om-frolunda