Schedule: Security Testing

Pete Herzog
Day: Sunday
Room: Janson
Start time: 10:00
End time: 10:45
Duration: 00:45
Event type: Podium
Track: Security
Language: English
Video (Ogg/Theora)
Security Testing

Security testing not by the book

A cheat sheet for efficient and accurate security testing and analysis, this overview is about what many penetration testers and ethical hackers just don't get. The real world doesn't conform 100% to rules, but it is rules that get put into the tools and courses that guide, and often think for, today's security professionals. In this talk, we will examine various real-world networks, services, and applications and explain where the tester went wrong in the test and analysis.

Security testing is the means to measure and verify that operational security and controls are working. The Open Source Security Testing Methodology Manual (OSSTMM) is an open, peer-reviewed specification for an accurate and thorough security test. The OSSTMM has been written for real-world security testing and metrics, and a review of the last 4 years of OSSTMM research is used to create this interactive talk.