Penetration Testing Considered Harmful

44CON Information Security Conference via YouTube

Overview

Explore a thought-provoking conference talk from the 44CON Information Security Conference that challenges conventional wisdom on penetration testing. Delve into Haroon Meer's presentation, which examines the potential drawbacks and limitations of current penetration testing practices. Gain insights into the crisis of confidence in information security, the overreliance on zero-day vulnerabilities, and the challenges faced by professional pen testers. Learn about the weaknesses in browser security, the importance of Java vulnerabilities, and the concept of "market for lemons" in penetration testing. Discover alternative approaches to security testing, including app testing, paper-based testing, and gamification. Reflect on the need for change in the industry and the importance of focusing on customer problems rather than showcasing technical prowess. This 47-minute talk offers a critical perspective on penetration testing and encourages security professionals to rethink their approaches to vulnerability assessment and risk management.

Syllabus

Intro
Crisis of Confidence
Mission Accomplished
We've gotten to a point
Lack of control
Risk exposure
Global financial crisis
Nothing happens
A simple quick test
The problem with InfoSec
Quick Kill
Pen Testers
Poll
One Zero Day
Zero Day Splits
You Never Need Zero Day
Why Do We Need Zero Day
Are Our Attackers Using Zero Day
Mass Vonage
Aurora
HBGary
Charlie Miller
Tauntaun
Attack a Mess
Quick Lessons
Browsers are the weakest link
Browsers don't show up on pen test report
Current version of Java
Attacking Java
Ignoring ZeroDay
ZeroDay for Everything
Arms Race
An intractable problem
Professional pen testers
How to get data out of networks
Squeezer
Leader
SQL Injection
Classic Case
Coverage
Market for Lemons
Penetration Testing is Harmful
Why is Penetration Testing so Popular
Hill Climbing Problem
Pen Test Standard
Elevation of Privilege
App Testing
Paper-Based Testing
Gamification
Opponents
Zero Day
Will it make pen tests less fun
Focus on the customer's problem
Show how clever you are
Do we need to change
We're in this bad spot
Antivirus
Integrity
Reset
Outro

Taught by

44CON Information Security Conference
