Penetration Testing mailing list archives
Re: My Frustrations Step Two
From: Alex Moen <alexm () ndtel com>
Date: Thu, 18 Dec 2008 16:31:37 -0600
Actually, this should be done anyway as part of the initial contact with the client, defining the role that the pen tester will take and the scope that is suitable and expected.
Maybe some of the "biggies" in the industry could, or would, create some ideas for RFPs that the client (not the pen tester) should use when determining who will do the pen test, kind of an acid test for the selection. This might be a tough thing to do considering that each industry has different needs, but there should be something that they could come up with...
Alex

Leonardo Cavallari Militelli wrote:
Maybe the best solution should be to define a sort of RFP (Request for Proposal) and steer customers to use it as contractual clauses.

On Thu, Dec 18, 2008 at 10:27 AM, Adriel T. Desautels <ad_lists () netragard com> wrote:
So it appears to me that the solution to this problem is to provide the customer with ammunition so that they can quickly shoot down the fraudulent security experts and properly identify the real ones. There are different services, different classifications of service, different threat levels, etc. If our customers knew how to identify what they needed, they could use that to choose a good provider with much more success. But that's the real problem isn't it? Our customers aren't security experts and as a result they don't know what they need...

So, what questions can we arm our customers with so that they can weed out the Frauds?

Adriel T. Desautels
ad_lists () netragard com

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------