Re: Backtrack or Blackbuntu - ?
Originally Posted by Ms. Daisy
I think we might actually agree on this, as much as that pains me to say.
Scoping a pen test != following industry standards while pen testing
I agree if you want to assess your $things then pen testers should follow the same rules as attackers. Pen tests need to be conducted by skilled pros, not just anyone who can launch Metasploit.
Sadly, pen testers cannot and do not follow the rules of attackers, as attackers have no rules, no time constraints and no deliverables or legal agreements or defined scopes, all of which are the bane of pen testing.
As for the standards, they are merely frameworks under which to work and not a compliance thing generally, nor a legal requirement unless it is government work generally.
The standards you refer to I assume to be such as PSTE, OWASP, WASC-TC etc.
Backtrack - Giving machine guns to monkeys since 2006
Kali-Linux - Adding a grenade launcher to the machine guns since 2013