Penetration Testing Shows Unlikely Vulnerabilities
The SpiderLabs division of security firm Trustwave conducts over 2,000 penetration tests a year looking for IT security risks. While some audits find normal flaws, others lead to the discovery of extraordinary types of enterprise security risks.
Speaking at the SecTOR security conference in Toronto last week, Nicholas Percoco, senior vice president and head of SpiderLabs, explained that penetration scans need to look beyond the surface to find business logic and other deeply ingrained flaws.
One of the more interesting hacks that SpiderLabs has done is called "Do You Want Fries with that Hack?" The penetration testing team was conducting a test for a large restaurant chain that takes take-out orders over the Internet. The initial penetration testing sweep revealed that the Web application used Java and Flash and was not at risk from any common exploits or SQL injection issues.