In his talk at DeepSec 2013, Alexey Kachalin puts reporting and penetration testing into perspective: "In pentest/security-audit projects the main risk is not to fail to penetrate the system or to find vulnerabilities in software products, but to get your task right and explain your findings to the customer. Problems come in many faces and in every phase of the project: goal setting from customer, system outline by IT, discussing progress or final presentation, etc.
Missing means of communication or misuse of known means is widespread; tools of analysis and data representation are often the key to this problem: you can't discuss codes as is with a CEO or explain your world of social engineering tricks to a system architect using charts.
This talk will cover what works and what fails in our day-to-day practice in pentest, security audit, forensics, starting from general concepts and tools of analytics (text, charts, SWOT, gap) to domain-specific favorites adopted for our practice from OSSTMM, PTES, CSC."