Note: This blog entry was written by Jayson E. Street and published on his behalf. The consumer, the corporate executive, and the government official. Regardless of your perspective, DISSECTING THE HACK: The F0rb1dd3n Network was written to illustrate the issues of Information Security through story. We all tell stories. In fact, we do our best communicating through stories. This book illustrates how very real twenty-first century threats are woven into the daily lives of people in different walks of life.Three kids in Houston, Texas. A mid-level Swiss businessman traveling abroad. A technical support worker with a gambling problem. An international criminal who will do anything for a profit (and maybe other motives). FBI agents trying to unravel a dangerous puzzle. A widower-engineer just trying to survive. These are just some of the lives brought together in a story of espionage, friendship, puzzles, hacks, and more. Every attack is real. We even tell you how some of these attack are done. And we tell you how to defend against varied attacks as well. DISSECTING THE HACK: […]
Something that Iâ€™ve been preaching for a while is that automated vulnerability scanners do not produce quality results and as such shouldnâ€™t be relied on for penetration tests or vulnerability assessments. Iâ€™ve been telling people that they should look for a security company that offers manual testing, not just automated scans. The price points for quality work will be significantly higher, but in the end the value is much greater. After all the cost in damages of a single successful compromise is far greater than the cost of the best possible security services.
Iâ€™ve noticed that there are a bunch of vendors who claim to be performing manual testing. But when I dig into their methodologies their manual testing isnâ€™t real manual testing at all, its just vetting of automated scanner results or testing based on the results. In other words they test on what the automated scanner reports and donâ€™t do any real manual discovery. Iâ€™m not saying that tools like nessus (an automated scanner) donâ€™t have their place, Iâ€™m just saying that they arenâ€™t going to protect you from the bad guys. If you […]