What a Penetration Tester Might Do To Your System on a Pentest

Make sure you specify what you do and do not want a penetration tester to do in your rules of engagement

Teri Radichel
Published in Cloud Security
Aug 20, 2024

Random web shell from https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985

I just performed a penetration test for a client and they were surprised when I tripped some alerts that I had uploaded some malware to their system, so I thought I would explain a bit more about the penetration testing process and what is considered “malware.”

This is a quick post probably with typos due to lack of time. More penetration test reports to deliver!

Penetration test versus vulnerability scan

When you get a penetration test, unlike a security assessment, the tester is trying to prove that exploits work on your system and demonstrate the impact. When you get a vulnerability scan or security assessment

Written by Teri Radichel

CEO 2nd Sight Lab | Pentesting | Research | AWS Security Hero | Masters of Infosec & Masters Software Engineering | GSE | IANS | SANS Difference Makers Award