Dailydave mailing list archives

B. Aggressive. B. E. Aggressive. (or "One 0day is enough")


From: dave <dave () immunityinc com>
Date: Tue, 27 Oct 2009 11:09:40 -0400

When you go into security consulting engagements with a new business
unit you usually face a few questions from the developers and business
owners. "What is it exactly that you're going to tell us?"

We always answer this the same way: "Things that will surprise you."

Most developers have read a lot about security these days - they
understand SQL Injection, Cross Site Scripting, access control, not to
use their own cryptographics, and all sorts of other security truisms.

What they can't possibly understand is how a hacker's mind works, and
what they're likely to find. Even security specialists who have only
worked defence often have never really seen a hacker go.

Largely I think this is because there's a difference between someone
playing cards with chips and someone with their house and life on the
line. People say penetration testing is a model of an attacker. But how
do you model obsession?

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave