Terminology

How to find a genuine Penetration Testing firm

May 3rd, 2013

There's been a theme of dishonesty and thievery in the Penetration Testing industry for as long as we can remember.  Much in the same way that merchants sold "snake-oil" as a cure-all for what ails you, Penetration Testing vendors sell one type of service and brand [...]


Penetration Testing – What’s that?

November 19th, 2010

It amazes me that most of the "security companies" that offer penetration testing services don't know what penetration testing is. Specifically, they don't deliver penetration tests even though they call their services penetration testing services. In most cases their customers think that they're receiving penetration tests [...]


Security Vulnerability Penetration Assessment Test?

June 14th, 2010

Our philosophy here at Netragard is that security-testing services must produce a threat that is at least equal to the threat that our customers are likely to face in the real world. If we test our customers at a lesser threat level and a higher-level threat [...]


Inside The Brains Of A Professional Bank Hacking Team

April 26th, 2010

Originally posted on Forbes.com - Read the original article here. We were recently hired to perform an interesting Advanced Stealth Penetration test for a mid-sized bank. The goal of the penetration test was to penetrate into the bank's IT Infrastructure and see how far we could [...]


Social Engineering — Its Nothing New

September 22nd, 2009

With all the recent hype about Social Engineering we figured that we’d chime in and tell people what’s really going on. The fact is that Social Engineering is nothing more than a Confidence Trick being carried out by a Con Artist. The only difference between the [...]


Verify Your Security Provider — The truth behind manual testing.

July 16th, 2009

Something that I’ve been preaching for a while is that automated vulnerability scanners do not produce quality results and as such shouldn’t be relied on for penetration tests or vulnerability assessments. I’ve been telling people that they should look for a security company that offers manual [...]


SNOsoft – Blosoft – GLOsoft – Awesome!

June 22nd, 2009

Normally we wouldn't give an iota of attention to trolls, but there's always the exception to the rule. The past two advisories that we (Netragard/SNOsoft) released have been followed up by a troll publishing hilarious spoofs of those advisories. So far the spoofs they've released can [...]


Brian Chess, CTO of Fortify Software – Creating Confusion

December 29th, 2008

So this entry goes to support my previous post about Insecure Security Technologies and some of the confusion that these vendors can cause. Recently Networkworld published an article named "Penetration Testing: Dead in 2009" and cited Brian Chess, the CTO of Fortify Software as the expert source. The [...]
