Pen testing, SOC

Pen Testing, Part 1 w/ Dmitry Zagadsky – SCW #56

December 15, 2020

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we’re going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching “PCI” context to this discussion. Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

Pen Testing, Part 1 w/ Dmitry Zagadsky

Dmitry’s Bsides Boston talk, “Don’t End Up With a Pencil: Tips for Shopping Pen Tests” – https://youtu.be/Wr4UxdUa2aI

Jeff’s talk, “Do We Still Need Pen Testing?” from CircleCityCon 2015 – https://youtu.be/R13Bo8l9M5M

NIST SP800-115, “Technical Guide to Information Security Testing and Assessment” – https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

The Penetration Testing Execution Standard (PTES) – http://www.pentest-standard.org/index.php/Main_Page

PCI Security Standards Council’s Penetration Testing Guidance – https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf?agreement=true

Hosts

Jeff Man - Sr. InfoSec Consultant

Josh Marpet - COO

Liam Downward - CEO

Scott Lyons - CEO

Guests

Dmitry Zagadsky - AVP IT Security

Audio: http://traffic.libsyn.com/sw-all/SCW_56_-_Pen_Testing_Part_1_w_Dmitry_Zagadsky-0_converted.mp3