Penetration Testing Must Die
Offered By: Security BSides London via YouTube
Course Description
Overview
Explore a thought-provoking conference talk that challenges the conventional wisdom surrounding penetration testing in cybersecurity. Delve into Rory McCune's presentation at Security BSides London, where he argues why the practice of penetration testing must evolve. Over the course of 26 minutes, examine the limitations of black box testing, the overloaded terminology in the field, and the challenges faced by clients who may not be fully prepared for such assessments. Investigate the complexities of application security assessments, data security concerns, and the legal implications of penetration testing. Gain insights into potential solutions for improving cybersecurity practices, including the importance of realistic testing environments and the underrated value of lab-based assessments. Discover why predicting human behavior in security contexts is crucial and how the industry can address the legal challenges associated with penetration testing.
Syllabus
Intro
Who am I
Why it must die
What is penetration testing
What does black box mean
What else is it
Realistic
Overloaded Terminology
Application Security Assessment
Clients Aren't Ready
What is the whole thing
You can do anything you want
Exploitation
Mission Impossible
Data Security
Amazon
RSA
Botnet
Time
Legality
Fixing the problem
Predicting people
Underrated Labs
The Legal Problem
Taught by
Security BSides London
Related Courses
Network Security (Georgia Institute of Technology via Udacity)
Proactive Computer Security (University of Colorado System via Coursera)
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery ((ISC)² via Coursera)
Hacker101 (HackerOne via Independent)
CNIT 127: Exploit Development (CNIT - City College of San Francisco via Independent)