[Dailydave] "Specialization is for insects" - Heinlein
Dave Aitel
dave at immunityinc.com
Mon Mar 10 11:18:31 EDT 2008
It's interesting the tension between generalism and specialism in
information security. For example, we hire consultants who are
generalists. Essentially you have to show up at a client in a suit with
a body of security knowledge, and learn as quickly as possible how it
affects their particular technology, be it Citrix, .Net 3.0, J2EE with
Beans, Ruby on Rails, or a DG-UX based system built internally to the
client and never exposed to cold air. It's a
how-fast-can-you-learn-new-stuff-and-break-it game.

But when it comes to technology, I think it's valuable to specialize.
Immunity Debugger is a disassembler and debugger that ONLY does
Vulnerability Analysis. That's it. It does it in user-space on Win32 and
it does it better than anything else out there (IMHO). Lately with
CANVAS we've started to see traction with partners who specialize. Doing
client-side attacks against a target who wants to know their real risk?
You probably want to use Gleg's RealPlayer attacks. Attacking an
application hosted on Citrix? You probably want to use the D2Sec pack.
(It's what we're using this week. We do eat the dogfood we re-sell!)

I find that an over-reliance on generalized scanners is tending to go
against the technology gradient. How is a SOAP testing tool going to
help you when the server only accepts application/soap+msbin1 format
(aka MC-NBFS)? How is a network scanner (with exploits or without)
designed for banks going to help your hotel business? Anyways, it's
something I'm thinking about, and no doubt a lot of other people on the
list too. I wanted to throw it out there: What kind of generalized
scanner features can we build that would allow you to build the
specialized scanner that actually helps your business?

If you want to see CANVAS or SILICA live we have a few conferences
coming up:
March 13-14, 2008 SOURCE Boston
http://www.sourceboston.com/
March 26-28, 2008 CanSec West - Vancouver
http://www.cansecwest.com/
April 7-11, 2008 RSA - San Francisco
http://www.rsaconference.com/2008/US/Home.aspx
April 14-17, 2008 HITB - Dubai
http://www.hackinthebox.org/

-dave