by rattus 4934 days ago
Vilification of discovery scans in 2012. Weird.

Yes. Appstack is totally the way to go if you're an app pen guy. Shocking.

Portscanning not too useful in a whitebox pen assessment, sure.

Don't do it at all because blackhats "don't do that"? Not really. Just make sure instrumentation and response exists for both of these cases.

Pen guys don't want to perform an assessment of the environment to gauge targets but instead just break out the same kit for each engage? Sounds fine if it works for them and leaves more things to discover to the next crew that wanders through.

Sounds like more "pentesting isn't compliance" drum beating, which is both good and bad.