Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Content provided by Bryan Brake, Amanda Berlin, and Brian Boettcher. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bryan Brake, Amanda Berlin, and Brian Boettcher or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to BrakeSec Education Podcast
Technical interviews about software topics.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
A podcast about web design and development.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Industry expert Mikah Sargent, brings you interviews from tech journalists who make or break the top stories of the week. Get the freshest perspective and in depth insight into the fast-paced world of technology from Tech News Weekly. Records every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
2016-029: Jarrod Frates, steps when scheduling a pentest, and the questions you forgot to ask...
Manage episode 150022785 series 58350
Content provided by Bryan Brake, Amanda Berlin, and Brian Boettcher. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bryan Brake, Amanda Berlin, and Brian Boettcher or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at #InGuardians sees him engaging many companies who have realized that a typical 'pentest #puppymill' or pentest from certain companies just isn't good enough.
Jarrod has also gone on more than a few engagements where he has found the client in question has no clue of what a 'real' pentest is, and worse, they often have the wrong idea of how it should go.
This week, I sat down with Jarrod, and we talked about what needs to occur before the pentest, even before you contact the pentesting firm... even, in fact, before you should even consider a pentest.
We discuss what a pentest is, and how it's different from a 'vulnerability assessment', or code audit. Jarrod and I discuss the overarching requirements of the pentest (are you doing it 'just because', or do you need to check a box for compliance). We ask questions like
Who should be involved setting scope?
Should #Social #Engineering always be a part of a pentest?
Who should be notified if/when a #pentest is to occur?
Should your SOC be told when one occurs?
What happens if the pentest causes incident response to be called (like if someone finds a malware/botnet infection)?
And how long do you want the engagement to be?
And depending on the politics involved, these things can affect the quality of the pentest, and the cost as well...
It was a great discussion with Jarrod, a seasoned professional, and veteran of many engagements. If your organization is about to engage a company for a pentest, you'd be wise to take a moment and listen to this.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-029-Jarrod_Frates-What_to_do_before_a_pentest_starts.mp3
#iTunes: https://itunes.apple.com/us/podcast/2016-029-jarrod-frates-steps/id799131292?i=1000373091447&mt=2
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582
459 episodes
Share
Manage episode 150022785 series 58350
Content provided by Bryan Brake, Amanda Berlin, and Brian Boettcher. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bryan Brake, Amanda Berlin, and Brian Boettcher or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at #InGuardians sees him engaging many companies who have realized that a typical 'pentest #puppymill' or pentest from certain companies just isn't good enough.
Jarrod has also gone on more than a few engagements where he has found the client in question has no clue of what a 'real' pentest is, and worse, they often have the wrong idea of how it should go.
This week, I sat down with Jarrod, and we talked about what needs to occur before the pentest, even before you contact the pentesting firm... even, in fact, before you should even consider a pentest.
We discuss what a pentest is, and how it's different from a 'vulnerability assessment', or code audit. Jarrod and I discuss the overarching requirements of the pentest (are you doing it 'just because', or do you need to check a box for compliance). We ask questions like
Who should be involved setting scope?
Should #Social #Engineering always be a part of a pentest?
Who should be notified if/when a #pentest is to occur?
Should your SOC be told when one occurs?
What happens if the pentest causes incident response to be called (like if someone finds a malware/botnet infection)?
And how long do you want the engagement to be?
And depending on the politics involved, these things can affect the quality of the pentest, and the cost as well...
It was a great discussion with Jarrod, a seasoned professional, and veteran of many engagements. If your organization is about to engage a company for a pentest, you'd be wise to take a moment and listen to this.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-029-Jarrod_Frates-What_to_do_before_a_pentest_starts.mp3
#iTunes: https://itunes.apple.com/us/podcast/2016-029-jarrod-frates-steps/id799131292?i=1000373091447&mt=2
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582
459 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to BrakeSec Education Podcast
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Technical interviews about software topics.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
A podcast about web design and development.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Industry expert Mikah Sargent, brings you interviews from tech journalists who make or break the top stories of the week. Get the freshest perspective and in depth insight into the fast-paced world of technology from Tech News Weekly. Records every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
