Penetration Testing mailing list archives

RE: Verify Your Security Provider -- The truth behind manual testing.


From: "Geoff Galitz" <geoff () galitz org>
Date: Sat, 18 Jul 2009 11:14:15 +0200



But why wouldn't a company that offers penetration testing services offer up
any research that it did in the form of advisories?  What is the point of
doing that research if you never use it to help vendors help their customers
fix risks?



Sometimes a firm hires experts for penetration testing on spec for internal
research.  Some companies are being proactive about their security and
resolving their issues before their customers or third parties discover
them.

Those advisories are typically kept private for internal research.

-geoff


---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/



