homepage
Open menu
Contact Sales

Putting your security assessment budget on a leash while avoiding the Pentest Puppy Mill

  • Tuesday, 03 Sep 2013 1:30PM EDT (03 Sep 2013 17:30 UTC)
  • Speakers: Paul Asadoorian, John Strand

The goal of a penetration test should be to elevate your security, not line the pocket of the pentester. In this webcast, Paul and John discuss ways to structure your pentest so that you aren't paying for shells from a Pentest Puppy Mill, but instead paying for reproducible results that will provide a baseline for future testing.

Topics:

  • What a good RFP should look like
  • Pentest puppy mill explained
  • Following the PTES standard so you don't get a vuln report
  • Explaining how the PTES standard helps organizations
  • Assess yourself before the red team shows up
  • Money saving tips:
    1. Crystalbox vs. Black
    2. VPN access vs. onsite
    3. Insist on report with ways to reproduce results to test your mitigations actually improved security
    4. Onsite only after external testing exhausted
    5. Test/QA/Dev environments vs. production

All the above should be done as if preparing for the NEXT year's pentest.

Login to Register

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
HackFest_blog_image.png
Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming
A Visual Summary of SANS HackFest Summit
Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023
370x370-person-placeholder.png
Alison Kim
read more
Blog
Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming
SEC670 Prep Quiz Answers
Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.
370x370_jonathan-reiter.jpg
Jonathan Reiter
read more