By: BrBr
July 27, 2016

[podcast] Steps when scheduling a pentest, and the questions you forgot to ask... with Jarrod Frates

Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at #InGuardians sees him engaging many companies who have realized that a typical 'pentest #puppymill' or pentest from certain companies just isn't good enough.

Jarrod has also gone on more than a few engagements where he has found that the client in question has no clue what a 'real' pentest is, and worse, they often have the wrong idea of how it should go.

This week, I sat down with Jarrod, and we talked about what needs to occur before the pentest, even before you contact the pentesting firm... even, in fact, before you should consider a pentest at all.

We discuss what a pentest is, and how it's different from a 'vulnerability assessment' or a code audit. Jarrod and I discuss the overarching requirements of the pentest (are you doing it 'just because', or do you need to check a box for compliance?). We ask questions like:

Who should be involved in setting scope?
Should #Social #Engineering always be a part of a pentest?
Who should be notified if/when a #pentest is to occur?
Should your SOC be told when one occurs?
What happens if the pentest causes incident response to be called (for example, if someone finds a malware/botnet infection)?
How long do you want the engagement to be?

Depending on the politics involved, these things can affect the quality of the pentest, and the cost as well...

It was a great discussion with Jarrod, a seasoned professional and veteran of many engagements. If your organization is about to engage a company for a pentest, you'd be wise to take a moment and listen to this.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-029-Jarrod_Frates-What_to_do_before_a_pentest_starts.mp3

#iTunes: https://itunes.apple.com/us/podcast/2016-029-jarrod-frates-steps/id799131292?i=1000373091447&mt=2

#YouTube: http://www.youtube.com/attribution_link?a=p2oq6jT3Iy0&u=/watch%3Fv%3DsTc_seN-hbs%26feature%3Dem-upload_owner


#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Player.FM: https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582