Comments
-
Maybe you already did, but try to explain security in layers, like the layers of an onion.
One layer by itself is fragile: you could crush it with one hand easily, and it will expire fast.
The whole onion, on the other hand, is strong (try to crush an onion with a single hand...). It also won't expire as fast as it would have if it were cut in half. -
Someone tried that on me once. I just said "Ah, the first layer is obscuring our ports and endpoints, so here are the details of the ports and endpoints."
They weren't obscured; they were publicly documented. Seemed to work, though. -
If you have a professional pentester, it is not uncommon to give him temporary administrative privileges so he can explore your systems from the inside, while leaving the external-facing systems as they are. Of course, it depends on the service you are paying for, as those whitebox audits aren't usually that cheap.
What is uncommon is to dismantle the security of public-facing systems, as they are (duh!) accessible from the public. -
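The comment above describes the usual whitebox arrangement: the tester gets elevated access that is time-boxed and limited to internal systems, while the public-facing controls stay untouched. The following is an added example, not code from the thread or from any commenter, of what that looks like as a small access broker: a grant has an expiry and a host scope, any attempt to put a public-facing host in scope is refused, and every decision is written to an audit log. All host names, the `pentester-tmp` style account names and the 72-hour policy cap are constructed for the example.

```python
"""Time-boxed, scoped access grant for a whitebox assessment.

Added example (not from the devRant thread). Host names, principal names
and the MAX_GRANT_HOURS policy cap are hypothetical values chosen here.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_GRANT_HOURS = 72  # assumed policy cap on a single grant


@dataclass
class Grant:
    principal: str          # account the tester works from
    scope: frozenset        # internal hosts the grant covers
    issued_at: datetime
    expires_at: datetime
    revoked: bool = False


@dataclass
class AccessBroker:
    internet_facing: frozenset              # hosts that can never be in a grant's scope
    grants: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def _log(self, when, action, principal, detail):
        self.audit_log.append({"when": when.isoformat(), "action": action,
                               "principal": principal, "detail": detail})

    def issue(self, principal, scope, hours, now=None):
        """Create a grant; refuse if it touches public hosts or exceeds the cap."""
        now = now or datetime.now(timezone.utc)
        scope = frozenset(scope)
        public = sorted(scope & self.internet_facing)
        if public:
            self._log(now, "DENY", principal, f"scope touches public hosts {public}")
            raise PermissionError(f"public-facing hosts cannot be in scope: {public}")
        if not 0 < hours <= MAX_GRANT_HOURS:
            self._log(now, "DENY", principal, f"window of {hours}h outside policy")
            raise ValueError(f"grant window must be between 1 and {MAX_GRANT_HOURS} hours")
        grant = Grant(principal, scope, now, now + timedelta(hours=hours))
        self.grants[principal] = grant
        self._log(now, "ISSUE", principal, f"{sorted(scope)} until {grant.expires_at.isoformat()}")
        return grant

    def is_allowed(self, principal, host, now=None):
        """Decision point: valid grant, host in scope, not expired, not revoked."""
        now = now or datetime.now(timezone.utc)
        grant = self.grants.get(principal)
        ok = (grant is not None and not grant.revoked
              and host in grant.scope and now < grant.expires_at)
        self._log(now, "ALLOW" if ok else "REFUSE", principal, host)
        return ok

    def revoke(self, principal, now=None):
        """End a grant early (e.g. the engagement finishes ahead of schedule)."""
        now = now or datetime.now(timezone.utc)
        grant = self.grants.get(principal)
        if grant is None:
            return False
        grant.revoked = True
        self._log(now, "REVOKE", principal, "grant ended early")
        return True


def demo():
    """Constructed walk-through; returns a dict of outcomes for checking."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = AccessBroker(internet_facing=frozenset({"www.example.test", "api.example.test"}))
    broker.issue("pentester-a", {"db-int-01", "app-int-01"}, hours=8, now=t0)
    broker.issue("pentester-b", {"app-int-02"}, hours=8, now=t0)
    r = {}
    r["internal_during_window"] = broker.is_allowed("pentester-a", "db-int-01", now=t0 + timedelta(hours=1))
    r["public_never"] = broker.is_allowed("pentester-a", "www.example.test", now=t0 + timedelta(hours=1))
    try:
        broker.issue("pentester-c", {"www.example.test"}, hours=8, now=t0)
        r["public_scope_refused"] = False
    except PermissionError:
        r["public_scope_refused"] = True
    r["revoked"] = broker.revoke("pentester-a", now=t0 + timedelta(hours=2))
    r["after_revoke"] = broker.is_allowed("pentester-a", "db-int-01", now=t0 + timedelta(hours=3))
    r["b_before_expiry"] = broker.is_allowed("pentester-b", "app-int-02", now=t0 + timedelta(hours=7))
    r["b_after_expiry"] = broker.is_allowed("pentester-b", "app-int-02", now=t0 + timedelta(hours=9))
    r["audit_entries"] = len(broker.audit_log)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design point is that the tester's access is a separate, expiring grant layered on top of the existing controls, so nothing has to be switched off on the public-facing side to let the engagement proceed, and the audit log shows exactly what the grant was used for.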
@sbiewald this is one of those automatic-script types of pentesting, and I am being asked to allow it on a public-facing site. To make matters worse, last week the same boss told me I couldn't use my mission script, which is on a non-internet-accessible machine, to send files by SSH and https because it didn't sound secure to him.
-
drekhi1802 (5y): @curlybraces maybe he's trying to check if he can destroy the stones using the stones. 😝
-
When we did a pen test, we needed to ask Azure to disable their security measures for the duration of the test.
Original rant
My boss just came to me and demanded that we drop the first layer of security from our new servers so that the snake oil salesmen he used can open test it. I did try to explain that you don't remove security to test security.
Tags: rant, security, snake oil, server