I am a security enthusiast (OSCP) since my young age. I try to change mind around me about the necessity of pentesting. Indeed, I did several audits, wrote security policies, did several pentests. Everything is needed:
- Risk assessments (ISO 2700X) to analyse the process and decide at the right management level with all stakeholders what to do, how and with which priority;
- Pentests to analyse the implementation of security policies and measures to detect any vulnerability or additional threats vectors;
- Security Awareness to maintain or improve a sufficient knowledge to be aware of the risk, how to detect it and how to react.
So why this blog? Just my way to share part of my knowledge. Have a good reading and do not hesitate to contact me
Nota: this blog is for an educational purpose. Any intrusion or tentative without authorization is illegal. French law: article 323-1 to 323-7.