This week's giveaway is in the Spring forum.
We're giving away four copies of Microservices Testing (Live Project) and have Chris Love & Andres Sacco on-line!
See this thread for details.
Win a copy of Microservices Testing (Live Project) this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

Penetration Testing - Two Questions

 
Bartender
Posts: 1464
32
Netbeans IDE C++ Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to Ric Messier and thanks for being here.

1. Do you find there is any truth in the truism that many institutions decline to conduct penetration tests by third parties because most of them know those tests will show vulnerabilities they'd rather not acknowledge?

2. How do you cope with the vulgar jokes?
 
Ranch Hand
Posts: 86
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stevens Miller wrote:Welcome to Ric Messier and thanks for being here.
2. How do you cope with the vulgar jokes?



(?) you next question...
 
Author
Posts: 17
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I believe that there is a head in the sand mentality sometimes when it comes to information security. Having said that, there can be legitimate reasons for it. If an organization is notified about vulnerabilities that it can't do anything about fixing, they may be liable legally later on if it turns out there are damages resulting from that vulnerability and it comes out (as it will) that they knew and did nothing. I have at times run across organizations who will submit to testing but are very constrained about the parameters of the testing. Desktops are usually off limits as are things like voice networks -- these are two places where they are most likely the most vulnerable.

Since I am prone to making vulgar jokes myself, I'm not sure what you are talking about with your second question.

Ric
 
My first bit of advice is that if you are going to be a mime, you shouldn't talk. Even the tiny ad is nodding:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic