The fact of the matter, simply put, is that we are seeing far too many successful attacks against organisations that are spending small fortunes on their security defences and capabilities, yet are still insecure after being granted a valued ‘tick’, which leaves the assessed organisation exposed to the nightmare of its unknown unknowns – enter Offensive Security.
When we refer to the subject of Offensive Security, we look beyond what is seen as red-team testing and embrace an activity which encompasses the dark arts of our adversaries. It goes well beyond the world of penetration testing, which over-focuses on what we already know, or think we need, to subject to a programme of security testing. In fact, when representing a client, I asked the assigned penetration tester what they felt the client should include in the testing schedules, and they responded: “Just tell us the IP range, and we will run this testing based on that input.”