Reading The Hacker Playbook, Practical Guide to Penetration Testing by Peter Kim (Book and Kindle versions) and reading it and thinking about how many firms would not / DO not protect themselves.
So many times in small to medium businesses, a client will say they want a pen test and they really don’t want a pen test. Or rather, they coudln’t afford the fee for an expert to pen test their network. Typically what they really want is an external scan that may even merely be an external PCI scan. Just because you’ve passed a PCI scan doesn’t mean that the network is secure however. As showcased in the book, there are so many ways a determined attacker can wiggle in, it’s scary.
If you enjoyed this article, please consider sharing it!
