20 December 2008
~4 min
By nick
The last few weeks have brought some fairly interesting predictions for 2009 to bear in CSO Magazine columns. Two recent articles caught my eye from a penetration testing perspective.
In the first, Brian Chess, CTO of Fortify (they make source code review and software security tools, and he has written a great book on static analysis) predicted that penetration testing as we know it will die in 2009.
The premise of his argument is that penetration testing will die and be reborn in a different form, aiming more at preventing bugs from occurring, rather than identifying them (rolling things into QA / SDLC etc). Granted, it’s a fairly valid point *in some respects*, albeit a biased one if you consider what he does for a living.
I got contacted the other day (via LinkedIn actually, which is a 1st for me) about a PCI conference some folks are trying to organize here in Johannesburg in January next year. I don’t really know the people (or the conference) but it seems like something that’s sorely needed here and maybe worth making a small investment in.
Here’s where you can get the lowdown – http://www.pci-portal.com/events/event-info/event/pci-johannesburg
I wanted to remind folk that the CFP for the ITWeb Security Summit closes on 26 Jan 2009. You can check it out at http://www.itweb.co.za/events/securitysummit/2009/. Local (ZA) speakers should please make themselves heard, but the organizers are also sponsoring travel for international speakers, so if you ever wanted to visit the good ol’ RS of A (that’s in Africa) then here’s your chance…
The latest version of Wikto (2.1) is available for download here. New features include time anomaly reporting and easier access to findings. A few bugfixes have also been made (thanks to some valuable user feedback). Happy holidays from the research and dev team.
./frankieg
Microsoft has posted selected videos of the latest BlueHat talks [here]. It’s pretty cool that they are now releasing these videos to the planet.
You get to see Matt Miller (skape), Scott Charney and even za’s very own Roelof Temmingh.
SensePost’ers can grab copies of the talks [here]
/mh
While I normally find “Linux ported to run on your [nintendo/toaster/foo]” stories only academically interesting, I think the thought of Linux running on 1st Gen and 2nd Gen iPhones (and the iPod Touch) is a particularly awesome one.
a) it suddenly means all sorts of possibilities for cute intelligent devices all over the house (with cool sensors – once they can be accessed)
b) it means possibly really cheap, really portable *nix (really pretty) in your pocket
Our good friend Anthony Olivier has launched his “IT Security Pubcast”. So far 2 episodes are online, with episode #2 including our very own, ever quotable Charl van der Walt.
Check it out.
A couple of months back SensePost was asked by a prominent South African media company to assist in the selection of content and speakers for an upcoming information security conference called ‘the ITWeb Security Summit’.
The show runs 26-28 May 2009. The speaker lineup is mostly local (including yours truly) but past speakers have been pretty high-profile – including Dave Litchfield, Johnny Long, Kevin Mitnick, Johnny Cache, Howard Schulz and others.
Wired magazine has covered the DNSGate saga with full dramatic details like: “never, ever repeat what you just told me over a cell phone”.
It’s a quick read, and worth it for the classic line: “The DNS community had kept the secret for months. The computer security community couldn’t keep it 12 days”.
As a Christmas special we have scheduled an additional training course, Hacking By Numbers – Extended Edition (Bootcamp) in Pretoria, South Africa on November 24-28th. The course runs for a full 5 days. This course will be offered at a never-to-be-repeated discount price of ZAR 10,999-00 (15% discount on the usual training price). Each trainee will be given a t-shirt and a Christmas hat!
For more on our training please visit http://www.sensepost.com/training.html.