This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Content-Type: TEXT/PLAIN; charset=UTF-8
By Kelly Jackson Higgins
SEPTEMBER 25, 2008
Chris Nickerson can gain access to a Web application without ever
touching it -- with just the right amount of reconnaissance, the
so-called Tiger Team hacker can infiltrate the development team and
compromise their machines.
=E2=80=9CI can get into the application from the back side while on the outside,
without touching=E2=80=9D the app, says Nickerson, who gave attendees of the
Open Web Application Security Project (OWASP) USA conference in New York
today a taste of what he considers the big-picture cyber threats to
organizations, targeted attacks for money or corporate espionage.
=E2=80=9CClosing all the holes in a Web application doesn=E2=80=99t make you secure,=E2=80=9D he
Most Web application security testing is focused on searching for
vulnerabilities, he says, but that=E2=80=99s not as comprehensive as his brand
of tiger team, or red team, testing that assesses physical and
electronic security as well as social engineering weaknesses. =E2=80=9CRed
teaming provides comprehensive testing."
Nickerson, who along with colleagues Ryan Jones and Luke McOmie starred
in the reality TV show Tiger Team that aired briefly on CourtTV, says
the red team testing approach is more realistic for assessing the risks
to an organization.
Content-Type: text/plain; charset="us-ascii"
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!