http://www.darkreading.com/document.asp?doc_id=164643

By Kelly Jackson Higgins
Senior Editor
Dark Reading
SEPTEMBER 25, 2008

Chris Nickerson can gain access to a Web application without ever touching it -- with just the right amount of reconnaissance, the so-called Tiger Team hacker can infiltrate the development team and compromise their machines.

“I can get into the application from the back side while on the outside, without touching” the app, says Nickerson, who gave attendees of the Open Web Application Security Project (OWASP) USA conference in New York today a taste of what he considers the big-picture cyber threats to organizations, targeted attacks for money or corporate espionage. “Closing all the holes in a Web application doesn’t make you secure,” he says.

Most Web application security testing is focused on searching for vulnerabilities, he says, but that’s not as comprehensive as his brand of tiger team, or red team, testing that assesses physical and electronic security as well as social engineering weaknesses. “Red teaming provides comprehensive testing.”

Nickerson, who along with colleagues Ryan Jones and Luke McOmie starred in the reality TV show Tiger Team that aired briefly on CourtTV, says the red team testing approach is more realistic for assessing the risks to an organization.

[...]

Received on Fri Sep 26 2008 - 02:17:26 PDT