The Sectest08 workshop, which I attended today, was of typical workshop size, so my plan to use the flipchart rather than PowerPoint did work out well.
The Keynote speaker, David Litchfield, gave a pretty good introduction into the kind of security testing that he is doing—bug-hunting of various kinds. He included a live presentation of format string vulnerabilities, presented the notion of surety for what might be missed by the too formal approaches to security and described security testing as exploring interesting avenues and evaluating implications. His talk pretty much covered the issues and topics of my own world of security testing. He embraced the idea that (this type of) security testing might be an art, claiming that the bug-hunting type of security testers were often also into artistic activities such as painting or photography and that teams of testers would work best if they included scientific and artistic types of persons. What is security testing? weiterlesen
Sicher ist sicher? 