01 October 2009

Client Side Penetration Testing (Notacon)

Client-side attacks are the new remote exploit. If you aren't allowing client-side attacks during your vulnerability assessments or penetration tests, you are ignoring a huge attack vector and the current attack method. You are also failing to exercise your internal and host-based exploitation countermeasures (HIDS/HIPS) and your ability to test and respond to client-side attacks and internal attackers, and you are missing a valuable opportunity for user awareness training.
This talk will focus on justifying why you should be allowing client-side penetration testing and on giving penetration testers a basic methodology for conducting client-side attacks during their penetration tests. We will also give (mostly real-world) examples that we used during client-side penetration tests to go with our methodology. For more information, visit the blogs of the speakers, Chris Gates and Vince Marvelli.