As well as Rory’s talk on pentest automation at BSides London – we will both be doing a workshop “Performing a DIY Security Review”. It is aimed at IT Professionals and shows the basics of how to prepare for a Security Review (“pentest”). This is something that is dear to our hearts because writing about SSLv2 over and over again is not something which either excites us greatly, or provides a great deal of value to customers. We think people should do a preparatory review themselves and let the tester concentrate on the specialized stuff – giving better value for money and a shorter, more focused report.
So the workshop is all about using free or low cost tools to look at a network and remove glaring faults from it prior to having a test done. We don’t cover web application testing – but if this one proves of interest we may do something along those lines in the future.
I’ll post the slides and documentation here after the event.