In my humble opinion this pen testing is dead meme and this builders vs breakers thing is coming from the same source.
Improve security by implementing key security controls in applications and building these key controls so they are secure themselves . By doing "stupid human tricks" and demonstrating that controls are not implemented we are just demeaning the profession. Poking holes in key security controls such as input validation functions and authentication functions in network protocols and providing patches (if source code available) or at least suggestions is valuable and a worthy pursuit
About Me
- Matthew Hackling
- Matt runs his own security consultancy called Ronin Security. His focus is information security management and he has a keen interest in infrastructure and web application security. He's a CISSP and the current Branch Executive of the Melbourne chapter of the Australian Information Security Association.
Labels
- AISA (1)
- australian information security market (1)
- career advice (1)
- causes (1)
- DoS (1)
- economics (1)
- FUD (1)
- futurism (1)
- information security governance (4)
- IPS (1)
- privacy (2)
- sacred cows (1)
- security patching (1)
- vulnerability management (1)
Thursday, January 15, 2009
Subscribe to:
Post Comments (Atom)
Handy Links
Twitter Updates
Matt's list of blogs
-
Dear America – How much is the tip?3 weeks ago
Blog Visitors
Lijit
InterSec - ISC2 CISSP networking portal
0 comments:
Post a Comment