The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we’re going to attempt to define a penetration test, focus on its goals, and cover what should be in a report. You better believe there is going to be an overarching “PCI” context to this discussion. Visit https://www.securityweekly.com/scw for all the latest episodes!
Pen Testing, Part 1 w/ Dmitry Zagadsky
Dmitry’s BSides Boston talk, “Don’t End Up With a Pencil: Tips for Shopping Pen Tests” – https://youtu.be/Wr4UxdUa2aI
Jeff’s talk, “Do We Still Need Pen Testing?” from CircleCityCon 2015 – https://youtu.be/R13Bo8l9M5M
NIST SP800-115, “Technical Guide to Information Security Testing and Assessment” – https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
The Penetration Testing Execution Standard (PTES) – http://www.pentest-standard.org/index.php/Main_Page
PCI Security Standards Council’s Penetration Testing Guidance – https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf?agreement=true