HEY Infosec Mastodon! Wanna help me out? I'm looking for screenshotable quotes about pentesting. Wanna respond to any of these questions? If you do, you may be included in my next talk! What's the biggest pitfall a pentester can make? What makes a good pentest? What makes a bad test? Vuln scan versus pentest - which one is "better"? Or just whatever you want. I will include any memes I get, so reply away. Boosts help :)
@5570b77c A bad pentest is the “checklist item” where there are strict guidelines about what’s in scope and what’s not. A good pentest has no limits. Attackers, REAL attackers, cheat. They don’t follow rules or guidelines, so if you are truly wanting to test to see what a real attacker can do, impose no limits. If you want to pass some audit that involves an accounting type firm doing an assessment with an off-the-shelf scanner, impose those non-realistic limits.