This weekend I noticed the schedule for BruCON 2009 is almost complete, so now the hard part begins: deciding what to attend and what to skip... Tough decisions have to be made :)
If you're interested in BruCON and want to stay up to date, join the LinkedIn group:
http://events.linkedin.com/BruCON-Security-Conference/pub/31107
Pentest(ing) politics
This week I started on a long-term assignment involving the implementation of web application security testing in the SDLC. Although it is fun to do something more structural than the average 'pentest a website and get out' assignment, there's also the element of politics that immediately shows its head.
For example, choosing a scanner... Although you can get good results with a collection of open-source or freeware tools, sometimes a commercial scanner is the better choice from a political perspective. Especially when there are quite strict regulations about the format of your reporting, choosing a commercial scanner can make your life a lot easier... On the other hand, it's absurd to decide on the acquisition of tools based on the format of a report.
It makes you wonder if you should deal with pentest politics or if you should pentest politics.