Infosec Bingo

April 15th, 2011 by peter.bassill

Going to Infosec Europe 2011 and have time between sessions? Why not play Infosec Bingo? Use the bingo sheet here and see how far you get with the vendors.

Engaging with Penetration Testing Firms

April 12th, 2011 by peter.bassill

Penetration testing has been a part of information security since the early 1990s, yet to this day security staff make the same mistakes over and over again. In this short piece I explore my personal views on selecting a penetration testing firm and how I go about engaging them in some real-world attack scopes.

I want a penetration testing firm that…

April 11th, 2011 by peter.bassill

I want a penetration testing firm that:

understands my employer's business is to make money
but my business is to protect my employer

understands that I find no value in a 300 page report
but a high-quality 3-page report in the Queen's English is better than gold

understands that I take a risk-based approach to security
and knows that risk is a common business language, not CVSS criteria

understands when I say holistic, it means you find your own damn way in
and not “well, we can get in easier from your server lan”

understands that I don't give a damn about a particular standard
but knows the contents of NIST 800-53, PCI and ISO:2700x

understands that PCI-DSS is a baseline level of security
and not something I think we aspire to

understands that I use all the tools available to
and knows how to test manually, thinking outside the box

I want a penetration testing firm that listens!

SKS Key Cloud

April 7th, 2011 by peter.bassill

After what can only seem an age, sks.teanfordhouse.com is now available for peering.

A Weekends Experiment – Update 2

April 3rd, 2011 by peter.bassill

Ok, so here are some of the results. I will try and get some visualisation of the results through Splunk later in the week but here is the raw output from the box after 48 hours:
