Search
-
Re: Question for other Penetration Testers
There's really nothing surprising about what you are experiencing. I run a pentest company, although I don't consider myself a real pentester since that's not my background. There are actually a lot of companies that provide cookie-cutter pentesting. The work you described is typical of the bigger companies that provide… -
Re: Question for other Penetration Testers
Part of the cookie cutter is automation. There are just some things that are too impractical to do manually (e.g., scanning, fuzzing, password guessing, etc.). Another part is templates that form a baseline of the pentests to be performed for a specific environment. A CISO wants to know what is (and isn't) being performed… -
Re: Question for other Penetration Testers
I'm sure different people have different thoughts and beliefs about this topic. But for me, it's partly what you stated. Running some tools and removing false positives. Perhaps a standard way of demonstrating an exploit - for example - with XSS flaws, it's pretty straight-forward to demonstrate the vuln - same with… -
Question for other Penetration Testers
So, at the beginning of the year I managed to get myself into a penetration testing position. Doing red-team work is something I'd always thought had the potential to be lots of fun. I knew there would be quite a bit of paperwork, but still... I figured the thrill of popping a box / domain would more than make up for it…
4 results