Javier's Blog

Mostly computers and other tech stuff,...

Thursday, August 06, 2009

Really kinda eye opening, funny, and embarrassing to some:

The very concept of "penetration testing" is fundamentally flawed. The problem
with it is that the penetration tester has a limited set of targets they're
allowed to attack, while a real attacker can attack anything in order to gain
access to the site/box. So if a site on a shared host is being tested, just
because site1.com is "secure" that does NOT in any way mean that the server is
secure, because site2.com could easily be vulnerable to all sorts of simple
attacks. The time constraint is another problem. A professional pentester with
a week or two to spend on a client's network may or may not get into
everything. A real dedicated hacker making the slog who spends a month of
eight-hour days WILL get into anything they target. You're lucky if it even
takes him that long, really.


Blogger Unknown said...

This post feels quite reassuring lol. So when will the machines turn on us? Because if I were them, I would! -leia

10:29 AM  
