Re: Bank Assessment

[Max <reply.to.newsgroup () mozilla org>]

Hi Joe,

I do pen tests for banks in Switzerland and the one thing that is true 
in all my missions is: "Banking Secret".

I have no rights to discuss anything pertaining to my missions even to 
colleagues in my company. Neither method, tools, approach and obviously, 
results can be discussed nor made public. The only thing I can tell you 
is that, in banks out here, the IT staff is usually very competent, they 
know a whole lot (sometimes more than we, consultants), they have square 
policies and the main reason they want an outsider to do the test is 
because they have to (by law) or they don't have time to do it themsleves.

Your best source of information pertaining to bank pen testing is the IT 
staff from the bank who hired you. They will tell you everything you 
*need* to know, nothing more... and don't try to ask for more, they 
won't give it :-)

Cheers,

--
M@x



Joe Smith wrote:

> I'm looking for any good links with regard to Banking Institutions..
> Security assessments, pen-testing, special needs etc.    I know they are
> big on policies and procedures.    
>
>  

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------