Episode 266 - Scope of Penetration Testing, Attack Modeling

Update: 2024-11-05

Description

Seth (@sethlaw) and Ken (@cktricky) return for an in-depth discussion on penetration testing expectations, driven by recent posts and slack activity from Andrew Wilson. Essentially, certain clients expect that a single penetration test finds everything possible, whether or not those expectations are appropriate. The duo expounds on their experience with similar expectations and how its affected their respective careers and organizations. A followup on threat modeling and a new approach being coined as Attack Modeling.

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Episode 267 - w/ Kinnaird McQuade - Building a Security Product

2024-11-19--:--

Episode 266 - Scope of Penetration Testing, Attack Modeling

2024-11-05--:--

Episode 265 - w/ Scott Norberg - Static Analysis

2024-10-29--:--

Episode 264 - w/ Jeremy Long - Software Composition Analysis

2024-10-1701:00:55

Episode 263 - WebApp Fuzzing, Mobile Testing, Secrets Management

2024-10-0801:05:23

Episode 262 - w/ Ariel Shin - Building a Security Program

2024-09-30--:--

Episode 261 - Security Economy, Password Resets, Vendor Consolidation

2024-09-24--:--

Episode 260 w/ Darren Meyer of Endor Labs - Dependency Management

2024-09-1901:00:24

Episode 259 - Special Melbourne Australia Edition w/Paul McCarty and Daniel Ting

2024-09-12--:--

Episode 258 - Engaging Developers, ALBeast, Dangerous TLDs

2024-09-03--:--

Episode 257 - In-Person vs. Virtual Training, Compliance Violations

2024-08-27--:--

Episode 256 w/ John Poulin - Token Security, Staying Technical as a Manager

2024-08-2101:03:57

Episode 255 (0xFF) - HackerSummerCamp Recap

2024-08-13--:--

Episode 254 - Pre-Hacker Summer Camp

2024-08-0153:50

Episode 253 w/ Justin Collins - Managing Security, ProdSec vs. AppSec

2024-07-23--:--

Episode 252 w/ Rami McCarthy - Security Startups, Jobs

2024-07-16--:--

Episode 251 - Passive Scanning, Chrome Extensions, CocoaPods, NVD

2024-07-0901:08:03

Episode 250 - Security Startups, Polyfill Takeover

2024-07-0201:06:01

Episode 249 w/ Tanya Janca - Secure Guardrails

2024-06-25--:--

Episode 248 w/ Rahil Parikh - Building AppSec Programs

2024-06-1858:19

00:00

Episode 266 - Scope of Penetration Testing, Attack Modeling

#box-pro-ellipsis-173235080658257{-webkit-line-clamp:2;}Episode 266 - Scope of Penetration Testing, Attack Modeling

Episode 266 - Scope of Penetration Testing, Attack Modeling

Episode 266 - Scope of Penetration Testing, Attack Modeling