How Do I Find A Vulnerability Versus How Do I Exploit A Vulnerability?

Recently, a friend of mine, Surya Chandra Rao at CyberQ Consulting, asked me a really relevant question and I respect him for this. He asked me the following:

DNS spoofing, DNS Server Recursive Query Cache Poisoning Weakness, ASP.NET DEBUG Method Enabled. How can i exploit those vulnerabilities?

The poignant fact is that the most effective way to prove a security issue exists is not to muse over its potential existence but prove that it is live and out there in the wild.

False positives are reputation killers for penetration testers and the old “cry wolf” analogy applies here.

Stock up your toolbelt with tools that prove that (1) reputation can be damaged, (2) data can be stolen, (3) proprietary ideas and information can be stolen and, finally, (4) someone can wreck havoc with downtime.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s