Speakers | |
---|---|
Pete Herzog | |
Schedule | |
Day | Sunday |
Room | Janson |
Start time | 10:00 |
End time | 10:45 |
Duration | 00:45 |
Info | |
Event type | Podium |
Track | Security |
Language | English |
Security testing not by the book
A cheat sheet to efficient and accurate security testing and analysis, this overview is about what many penetration testers and ethical hackers just don't get. The real world doesn't conform 100% to rules, but it is rules that get put into the tools and courses which guide, and often think for, today's security professionals. In this talk, we will examine various real-world networks, services, and applications and explain where the tester went wrong in the test and analysis.
Security testing is the means to measure and verify that operational security and controls are working. The Open Source Security Testing Methodology Manual (OSSTMM) is an open, peer-reviewed specification for an accurate and thorough security test. The OSSTMM has been written for real-world security testing and metrics, and a review of the last 4 years of OSSTMM research is used to create this interactive talk.