Penetration testing report from a "highly respected" security company:

* 20 pages of risk assessments, methodology discussion, tables, charts and other nonsense

* conclusion: "this report does not include any findings"

πŸ€¦β€β™‚οΈ

@kravietz I once got feedback on a malware scan I did, where they told me it was suspicious because **BEfOrE yOu dId tHE scAn we NeVer haD pRobLems**

@hex00fshield Fantastic approach... 🤦‍♂️ Actually, I've seen that a lot with penetration testing or SAST tools. With the latter it's partially justified by the fact that a scanner that is not tuned will instead flood the dev team with tons of irrelevant findings...
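The point in the reply above, that an untuned scanner buries the few real findings under noise, is what a baseline-and-filter triage step in the pipeline addresses: previously reviewed findings, known-noisy rules, test fixtures and low-severity notes are held back, and only new findings reach the dev team. The following is an added example, not code from anyone in this thread or from any particular scanner; the SARIF-shaped report, the accepted-finding baseline, the noisy-rule list and the excluded path prefix are all constructed for the illustration.

```python
"""Triage SAST findings against a baseline so only new, relevant ones reach developers.

Added example for this thread; not code from any poster or tool. The input shape is a
trimmed subset of SARIF 2.1.0 (runs[].results[] with ruleId, level, message, locations,
optional partialFingerprints). All sample data below is constructed.
"""
import hashlib
import json

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def _uri(result):
    """File URI of the finding's primary location."""
    return result["locations"][0]["physicalLocation"]["artifactLocation"]["uri"]


def fingerprint(result):
    """Stable identifier for a finding.

    Prefer the tool's own partialFingerprints when present. Otherwise hash rule, file
    and message text (not the line number), so the id survives unrelated line shifts at
    the cost of merging identical messages within one file.
    """
    pf = result.get("partialFingerprints")
    if pf:
        return "|".join(f"{k}={v}" for k, v in sorted(pf.items()))
    key = f"{result['ruleId']}|{_uri(result)}|{result['message']['text']}"
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def triage(sarif, baseline, noisy_rules=frozenset(), excluded_prefixes=(), min_level="warning"):
    """Split findings into 'new' and the reason each other finding was held back."""
    out = {"new": [], "baseline": [], "noisy_rule": [], "excluded_path": [], "below_level": []}
    for run in sarif["runs"]:
        for r in run.get("results", []):
            if fingerprint(r) in baseline:              # already reviewed/accepted
                out["baseline"].append(r)
            elif r["ruleId"] in noisy_rules:           # rule known to false-positive here
                out["noisy_rule"].append(r)
            elif _uri(r).startswith(tuple(excluded_prefixes)):  # e.g. test fixtures
                out["excluded_path"].append(r)
            elif LEVEL_RANK.get(r.get("level", "warning"), 2) < LEVEL_RANK[min_level]:
                out["below_level"].append(r)
            else:
                out["new"].append(r)
    return out


def summary(triaged):
    """Counts per bucket, for the run log or PR comment."""
    return {bucket: len(items) for bucket, items in triaged.items()}


def _result(rule, level, text, uri, line):
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}


# Constructed sample: what an untuned run might emit on a small repository.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "example-sast"}}, "results": [
    _result("py/sql-injection", "error", "Query built from user input", "app/db.py", 42),
    _result("py/hardcoded-credentials", "warning", "Possible hardcoded password", "tests/fixtures.py", 7),
    _result("py/unused-import", "note", "Unused import os", "app/util.py", 1),
    _result("py/sql-injection", "error", "Query built from user input", "app/legacy.py", 300),
]}]}

# Constructed tuning state: the legacy.py finding was reviewed and risk-accepted earlier,
# the unused-import rule is pure noise for this team, and tests/ holds fake secrets.
ACCEPTED_BASELINE = {fingerprint(SAMPLE_SARIF["runs"][0]["results"][3])}
NOISY_RULES = frozenset({"py/unused-import"})
EXCLUDED_PREFIXES = ("tests/",)

if __name__ == "__main__":
    untuned = triage(SAMPLE_SARIF, set(), min_level="note")
    tuned = triage(SAMPLE_SARIF, ACCEPTED_BASELINE, NOISY_RULES, EXCLUDED_PREFIXES)
    print("untuned:", json.dumps(summary(untuned)))
    print("tuned:  ", json.dumps(summary(tuned)))
    for r in tuned["new"]:
        print(f"NEW {r['level']} {r['ruleId']} {_uri(r)}")
```

The order of the checks is deliberate: the baseline is consulted first so that an accepted finding stays accepted even if its rule later joins or leaves the noisy list, and the suppressed buckets are kept rather than discarded so that someone can periodically audit what the tuning is hiding.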


@kravietz I've seen it too, so I manually validate each finding to be sure they are not false positives, like when some macOS certificates get caught as malware, even when they came brand new. But what they want is a reason to not spend money on a threat they can't see 🙈🙈🙈🙈

Mastodon 🔐 privacytools.io