The FBI sent out an urgent request to reboot home WiFi routers. Bonus points for updating firmware and changing passwords. But apparently, few actually did. So what does this say about security when something as simple as a reboot doesn’t get done?
“But we passed our penetration test,” the person handling the security breach groaned. “How come they missed this?” Since the late 1960s, penetration testing has been about two things: demonstrating that the system can be broken into and finding some vulnerabilities. But, by now? We all know systems can be broken into. The shock and surprise are gone. And we all know there are vulnerabilities. Scores of vulnerabilities. Too many vulnerabilities. In fact, arguably today’s penetration testing doesn’t even identify a fraction of the vulnerabilities. This session will review the state of testing strategies and present predictions on where penetration testing should go in the future.