SAINTCON 2023 - Philip Kemp & Scott Henderson - Beyond the Annual Penetration Test

At SAINTCON 2023, Philip Kemp and Scott Henderson look beyond the annual penetration test, focusing on social engineering and the human element of security.

Key takeaways
  • A penetration test is not only about finding vulnerabilities; it also tests whether the organization's security processes and procedures hold up, and whether findings are actually remediated so the same path cannot be used again.
  • Social engineering remains a common and effective way for threat actors to exploit weaknesses and gain unauthorized access.
  • Physical penetration testing is an effective way to find weaknesses and test security controls, but it is resource-intensive and expensive.
  • Voice-based penetration testing (vishing) is cheaper and faster than an on-site engagement, but it exercises a narrower set of controls and will not surface everything a physical test would.
  • Attack surface management means identifying the paths an attacker could take into the organization and defending each of them.
  • The human element is part of the attack surface: people's behaviour must be observed and guided so that it does not become the easiest path in.
  • Physical security controls such as cameras and alarms deter and detect unauthorized access, but none of them is foolproof.
  • Simple equipment such as a ladder can be enough to bypass a physical control; a bypass like that proves a control can be circumvented, but it is not necessarily the most efficient way to test the controls an engagement is meant to evaluate.
  • Testing and validating security controls is essential: a control that has never been exercised gives no assurance that the organization's data and systems are protected.
  • The speakers use magic and illusion to illustrate the concepts of penetration testing and the importance of testing and validating security controls.