We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Philip Kemp & Scott Henderson - Beyond the Annual Penetration Test
Join Philip Kemp and Scott Henderson at SAINTCON 2023 as they explore beyond annual penetration tests, highlighting the importance of social engineering and the human element in security.
- Penetration testing is not just about identifying vulnerabilities, but also about understanding and improving security processes and procedures.
- Social engineering attacks are a common and effective way for threat actors to exploit vulnerabilities and gain unauthorized access.
- Physical penetration testing can be an effective way to identify vulnerabilities and test security controls, but it can also be resource-intensive and expensive.
- Voice-based penetration testing, also known as vishing, can be a more cost-effective and efficient way to test security controls, but it may not be as effective at identifying vulnerabilities.
- The use of magic and illusion can be a useful way to illustrate the concepts and principles of penetration testing and security.
- The goal of penetration testing is not just to identify vulnerabilities, but also to identify and remediate them to prevent future attacks.
- Attack surface management is an important aspect of security, as it involves identifying and defending against potential attack paths.
- The human element is an important part of security, as it involves monitoring and controlling human behavior to prevent attacks.
- Physical security controls, such as cameras and alarms, can be an effective way to prevent unauthorized access, but they may not be foolproof.
- The use of ladders and other equipment can be an effective way to gain unauthorized access, but it may not be the most efficient or effective way to test security controls.
- The importance of testing and validating security controls cannot be overstated, as it is an important part of ensuring the security of an organization’s data and systems.
- The use of magic and illusion can be a useful way to illustrate the importance and effectiveness of testing and validating security controls.