
Penetration Testing Considered Harmful

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses, Cybersecurity Courses, Penetration Testing Courses, Browser Security Courses, Java Security Courses

Course Description

Overview

Explore a thought-provoking conference talk from the 44CON Information Security Conference that challenges conventional wisdom on penetration testing. Delve into Haroon Meer's presentation, which examines the potential drawbacks and limitations of current penetration testing practices. Gain insights into the crisis of confidence in information security, the overreliance on zero-day vulnerabilities, and the challenges faced by professional pen testers. Learn about the weaknesses in browser security, the importance of Java vulnerabilities, and the concept of "market for lemons" in penetration testing. Discover alternative approaches to security testing, including app testing, paper-based testing, and gamification. Reflect on the need for change in the industry and the importance of focusing on customer problems rather than showcasing technical prowess. This 47-minute talk offers a critical perspective on penetration testing and encourages security professionals to rethink their approaches to vulnerability assessment and risk management.

Syllabus

Intro
Crisis of Confidence
Mission Accomplished
We've gotten to a point
Lack of control
Risk exposure
Global financial crisis
Nothing happens
A simple quick test
The problem with InfoSec
Quick Kill
Pen Testers
Poll
One Zero Day
Zero Day Splits
You Never Need Zero Day
Why Do We Need Zero Day
Are Our Attackers Using Zero Day
Mass Vonage
Aurora
HBGary
Charlie Miller
Tauntaun
Attack a Mess
Quick Lessons
Browsers are the weakest link
Browsers don't show up on pen test report
Current version of Java
Attacking Java
Ignoring Zero Day
Zero Day for Everything
Arms Race
An intractable problem
Professional pen testers
How to get data out of networks
Squeezer
Leader
SQL Injection
Classic Case
Coverage
Market for Lemons
Penetration Testing is Harmful
Why is Penetration Testing so Popular
Hill Climbing Problem
Pen Test Standard
Elevation of Privilege
App Testing
Paper-Based Testing
Gamification
Opponents
Zero Day
Will it make pen tests less fun
Focus on the customer's problem
Show how clever you are
Do we need to change
We're in this bad spot
Antivirus
Integrity
Reset
Outro
Taught by

44CON Information Security Conference

Related Courses

Simple Hardware Side Channel Attacks
44CON Information Security Conference via YouTube
Ways to Brick Your Hardware
44CON Information Security Conference via YouTube
2012 In Review - Tor and the Censorship Arms Race
44CON Information Security Conference via YouTube
The Infosec Crossroads
44CON Information Security Conference via YouTube
A Talk About Info-Sec Talks
44CON Information Security Conference via YouTube