Pentest(ing) politics

This week I started on a long-term assignment involving the implementation of web application security testing in the SDLC. Although it is fun to do something more structural than the average 'pentest a website and get out' assignment, there's also the element of politics that immediately shows its head.

For example, choosing a scanner. Although you can get good results with a collection of open-source or freeware tools, sometimes a commercial scanner is the better choice from a political perspective. Especially when there are quite strict regulations about the format of your reporting, choosing a commercial scanner can make your life a lot easier. On the other hand, it's absurd to decide on the acquisition of tools based on the format of a report.

It makes you wonder if you should deal with pentest politics or if you should pentest politics.
