Risky Business #254 -- Does your pentester team know what it's doing?

A new take on quality control for penetration testers...
 
Start the discussion 0 Comments
September 14, 2012 -- 

This week's feature interview is with Wayne Ronaldson. Wayne's a security consultant with a company here called CQR, but he's cobbled together a fascinating little side project called Exploitable Labs.

In essence, Exploitable Labs is an online capture the flag environment. Participants connect to it, then go about finding various types of vulnerabilities -- in Web applications, servers and network devices. At the end of the exercise, the system spits out a report that can tell the participant where they're hot and where they're not.

Wayne designed the service to be used by people who hire penetration testers -- it's not a certification like CREST, it's an evaluation. It's an interesting idea!

Adam Boileau, as always, joins the show for a chat about the news headlines.

If you'd like links to the articles we discuss, you can find them in the show notes.

icon for podpress | Play in Popup | Download

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.