28 Sep 09 Security Consultant – Scope of work
As a Security Consultant, I’ve always had a difficult time with the scope of work and just how much detail to go into during the test. What to pen test is more often than not strictly defined, however what detail to go in to, is often not. In some cases the time constraints dictate the detail of the penetration test itself, however often with pen testing, more time is allowed than is necessary.
I have a specific example in mind, whereby I identified a possible DoS (Denial of Service) attack against a service running on a particular vendor’s hardware. The attack was only vaguely theoretically possible, however given the spare time, I did spend a number of hours writing an actual implementation of the Denial of Service attack, and then demonstrating proof of it’s functionality. At that point, the Client changed various configuration options which prevented this DoS, whilst technically mildly limiting functionality.
(more…)
Tags: consultant, denial of service, dos, pen test, penetration test, PHP Developer, Security Consultant, web developer
|
I'm Adam Palmer, and I'm a Freelance Embedded Linux/Embedded Hardware enthusiast and Security Consultant. I run 'APNIC Solutions Ltd' and spend most of my time managing server clusters, and doing some PHP/MySQL development, whilst what little spare time I have is dedicated to playing with gadgets. I'm always happy to consult on or manage any Linux related, Web Application or Hosting project. Please get in touch with me! |
