Explore strategies for improving penetration testing practices in this 55-minute conference talk from Louisville Infosec 2015. Delve into the concept of standardized pen tests, examining current issues and the state of penetration testing. Learn about a new objective for pen testing that focuses on educational opportunities. Discover essential preparation steps, including company selection, involving all stakeholders, proper scoping, and defining requirements. Gain insights on creating a purple team, assessing visibility, handling fragile and third-party systems, and maximizing test time. Understand the importance of client-side exploits and post-test follow-up. Walk away with practical strategies to enhance your organization's approach to penetration testing and overall security posture.
Overview
Syllabus
Intro
Nathan Sweaney
Preventing Common Core Pen Tests
Standardized Pen Tests
The Issues
State of Pen Testing
New Objective
Educational Opportunity
You Must Be This Tall
Prep work: Pick the Company
Prep work: Involve EVERYONE
Prep work: Scoping
Prep work: Requirements
Test Time: Create a Purple Team
Test Time: What Can You See?
Test Time: Fragile Systems
Test Time: Third Party Systems
Test Time: Client-Side Exploits
Time Time: Maximize the Time
Post Test: Follow Up
Take Away Strategies
