People are always excited to learn how they can penetrate networks to find vulnerabilities. But what good is finding vulnerabilities if your client doesn't understand or care about your findings? I offer my unusual perspective to this talk. Yes, I understand pen testing as a trade. I cowrote The Pen Tester Blueprint and I run Hack The Box's blog. But frankly, my professional focus has always been communicating my ideas. Especially to a business audience who only understands dollars and cents. In this talk, I will share (fictional for the sake of protecting sensitive information) examples of both well-written and poorly written pen tester reports. I will emphasize how to not only explain vulnerabilities effectively, but also how to make business people care about addressing vulnerabilities for the sake of protecting their bottom line. One of the hardest things about cybersecurity is getting "the suits" to allocate a decent security budget. Yes, I will compose a series of fictional pen tester reports for the sake of this talk.
Presenter: Kim Crawley, Blog Manager, Hack the Box
/ kim_crawley
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
Video: Writing Reports: The Overlooked Pen Testing Skill | Pen Test HackFest Summit 2021. Added by SANS Offensive Operations on 13 January 2022.