AOH :: IS1169.HTM

Tiger Team Member Attacks Developers, Not Apps




Tiger Team Member Attacks Developers, Not Apps
Tiger Team Member Attacks Developers, Not Apps



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1785282755-1222420646=:8084
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

http://www.darkreading.com/document.asp?doc_id=164643 

By Kelly Jackson Higgins
Senior Editor
Dark Reading
SEPTEMBER 25, 2008

Chris Nickerson can gain access to a Web application without ever 
touching it -- with just the right amount of reconnaissance, the 
so-called Tiger Team hacker can infiltrate the development team and 
compromise their machines.

=E2=80=9CI can get into the application from the back side while on the outside, 
without touching=E2=80=9D the app, says Nickerson, who gave attendees of the 
Open Web Application Security Project (OWASP) USA conference in New York 
today a taste of what he considers the big-picture cyber threats to 
organizations, targeted attacks for money or corporate espionage. 
=E2=80=9CClosing all the holes in a Web application doesn=E2=80=99t make you secure,=E2=80=9D he 
says.

Most Web application security testing is focused on searching for 
vulnerabilities, he says, but that=E2=80=99s not as comprehensive as his brand 
of tiger team, or red team, testing that assesses physical and 
electronic security as well as social engineering weaknesses. =E2=80=9CRed 
teaming provides comprehensive testing."

Nickerson, who along with colleagues Ryan Jones and Luke McOmie starred 
in the reality TV show Tiger Team that aired briefly on CourtTV, says 
the red team testing approach is more realistic for assessing the risks 
to an organization.

[...]


--1457021584-1785282755-1222420646=:8084
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 
--1457021584-1785282755-1222420646=:8084--

Site design & layout copyright © 1986-2014 CodeGods