Recently, a friend of mine, Surya Chandra Rao at CyberQ Consulting, asked me a really relevant question and I respect him for this. He asked me the following:
“DNS spoofing, DNS Server Recursive Query Cache Poisoning Weakness, ASP.NET DEBUG Method Enabled. How can i exploit those vulnerabilities?”
The poignant fact is that the most effective way to prove a security issue exists is not to muse over its potential existence but prove that it is live and out there in the wild.
False positives are reputation killers for penetration testers and the old “cry wolf” analogy applies here.
Stock up your toolbelt with tools that prove that (1) reputation can be damaged, (2) data can be stolen, (3) proprietary ideas and information can be stolen and, finally, (4) someone can wreck havoc with downtime.