sparr0w - Slashdot User

Comment Not pentesters (Score 1) 58

by sparr0w on Monday November 12, 2012 @03:10PM (#41959091) Attached to: How Red Teams Hack Your Site To Save It

I've been a pen tester, and what this guy is doing is not pen testing - it's vetting out false-positives a tool is telling him. As good as tools are, they'll never reveal vulnerabilities that may lead to the overall compromise of an environment. Things like business process flaws (like being able to manually modify prices or submit negative values during balance transfers), blind SQL injection (tools are worthless for those), parameter tampering (like changing an ID showing stuff that isn't yours) and parameter addition. You need an actual person who can look at something and think it's Not Quite Right.... something a tool just can't do.

Comment Re:Lets get something straight now (Score 1) 698

by sparr0w on Friday October 12, 2012 @10:24AM (#41630947) Attached to: US Election's Only VP Debate Tonight: Weigh In With Your Reactions

Biden did a good job reminding everyone that the mess we are in now didn't exactly happen by accident. As he noted it happened precisely because guy's like Ryan voted to put two major wars,

Biden supported the war in Afghanistan ("Whatever it takes, we should do it"), and voted in favor of the "Authorization for Use of Military Force Against Iraq".

Weak minds seem to also have weak memories

Couldn't have said it better myself

Comment Re:Submitter bias: Java's "downward trend" (Score 1) 535

by sparr0w on Wednesday April 07, 2010 @09:48AM (#31760518) Attached to: C Programming Language Back At Number 1

your news comes on either much earlier or much later than mine. our film's always on at 1010

Comment Re:Lets create the Urban Scouts!!! (Score 1) 419

by sparr0w on Thursday July 05, 2007 @01:44PM (#19756389) Attached to: Explosives Camp

ISU used to have the hacking part of that... http://www.iac.iastate.edu/summercamp/index.html

Slashdot Top Deals