Linked by Thom Holwerda on Fri 17th Jun 2011 18:49 UTC
Privacy, Security, Encryption Oh boy, what do we make of this? We haven't paid that much attention to the whole thing as of yet, but with a recent public statement on why they do what they do, I think it's about time to address this thing. Yes, Lulz Security, the hacking group (or whatever they are) that's been causing quite a bit of amok on the web lately.
Permalink for comment 477747
To read all comments associated with this story, please click here.
Proactive testing
by Lennie on Sun 19th Jun 2011 09:09 UTC in reply to "RE[5]: Bah - hacking skills"
Lennie
Member since:
2007-09-22

Proactive testing is just proactive testing, it doesn't say anything about the security of a system.

It just says it isn't vulnerable to the attacks it was tested against. However a large part of that testing is done automated with tooling in the production environment so people are careful with how they test.

So even if the tool found a problem like a SQL-injection, the tool or user of the tool might not even have noticed it.

No, pentesting and so on is to find the most obvious problems.

Just look at a recent bank website security problem, when an id in the URL was changed people could get in the account of other people.

I'm very certain banks do those previously mentioned security checks.

If you want real security, there is only one solution to have a 3rd party look at the code. All the code.

Reply Parent Score: 2