{"id":8796,"date":"2021-02-25T16:16:00","date_gmt":"2021-02-25T15:16:00","guid":{"rendered":"https:\/\/usd.formwandler.rocks\/news-next-level-pentesting-interview\/"},"modified":"2021-07-01T17:17:10","modified_gmt":"2021-07-01T15:17:10","slug":"news-next-level-pentesting-interview","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/news-next-level-pentesting-interview\/","title":{"rendered":"Next Level Pentesting: Why the classic pentest approach is reaching its limits"},"content":{"rendered":"\n<p>For more than 25 years, we have been helping companies achieve more security while monitoring developments and trends. In this interview with&nbsp;<strong>Matthias G\u00f6hring, Head of usd HeroLab<\/strong>&nbsp;and&nbsp;<strong>Sebastian Puttkammer, usd Managing Consultant IT Security and Head of HeroLab Tools<\/strong>, we talk about why classic approaches in the field of penetration testing no longer do justice to increasingly complex environments and what future-proof solutions look like.<\/p>\n\n\n\n<p><strong>What do you understand by the classic pentest approach?<\/strong><\/p>\n\n\n\n<p><strong>Matthias G\u00f6hring:&nbsp;<\/strong>\u201cClassic pentests, as they are conducted by companies today, are a black box for customers. There is a lack of overarching standardization in the way they are carried out: test depth, test coverage and scope vary from provider to provider, but are impossible to compare. In addition, the results reports only include identified vulnerabilities and the tests that do not result in a vulnerability are usually not documented.\u201d<\/p>\n\n\n\n<p><strong>Why is this transparency in the testing process important?<\/strong><\/p>\n\n\n\n<p><strong>Sebastian Puttkammer:<\/strong>&nbsp;\u201cWithout transparency and standardization, it always remains unclear to the customer as to what has been tested during the pentest. 
Since pentests are carried out across different industries, the requirements for execution and documentation also vary. There are already security standards that stipulate the traceability of the test steps performed. It is not possible to map these adequately with the approaches used to date. In addition, with the classic pentest, customer-specific requirements cannot be mapped in most cases.\u201d<\/p>\n\n\n\n<p><strong>How do you plan to solve the problems you\u2019ve highlighted?<\/strong><\/p>\n\n\n\n<p><strong>SP:<\/strong>\u00a0\u201cWe have really taken our penetration testing to the next level in terms of transparency and standardization per pentest category in recent years. We laid the foundation for this with our\u00a0<a class=\"rank-math-link\" href=\"https:\/\/herolab.usd.de\/en\/our-platforms-and-tools\/\" target=\"_blank\" rel=\"noopener\">toolchain<\/a>. It allows us a high degree of automation, which goes hand in hand with comparability, reproducibility and efficiency. This gives our pentesters more time for targeted and manual testing, which increases the quality of the analyses by, among other things, testing more for logic errors.\u201d<\/p>\n\n\n\n<p><strong>MG<\/strong>: \u201cIn addition, we can integrate customer-specific requirements more easily with the help of the toolchain. Thanks to the complete and transparent documentation, the individual test steps are comprehensible for our customers. Especially since we also record the test steps in the report where no vulnerabilities were identified. 
An important requirement from the customer\u2019s point of view.\u201d<\/p>\n\n\n\n<p><strong>In which way will the HeroLab toolchain be further developed?<\/strong><\/p>\n\n\n\n<p><strong>MG<\/strong>: \u201cOur know-how and experience are constantly being incorporated into the further development of our tool landscape, resulting in ingenious synergy effects: For example, we are increasingly discovering so-called\u00a0<a class=\"rank-math-link\" href=\"https:\/\/herolab.usd.de\/en\/security-advisories\/\" target=\"_blank\" rel=\"noopener\">zero days<\/a>\u00a0and, through Responsible Disclosure, are supporting software providers in closing critical gateways for hackers in a timely manner. Thanks to our tool landscape, we are also creating a constantly optimized training environment for our internal training program, the\u00a0<a class=\"rank-math-link\" href=\"https:\/\/herolab.usd.de\/en\/the-way-we-work\/\" target=\"_blank\" rel=\"noopener\">\u201cusd HeroLab Certified Professional\u201d<\/a>. This guarantees that our analysts always perform their security checks at the highest level. 
And we still have a lot up our sleeve for the future!\u201d<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>Learn more about the usd HeroLab toolchain and how it supports our customers and security analysts on the path to more security in our English-language webinar\u00a0<a class=\"rank-math-link\" href=\"https:\/\/attendee.gotowebinar.com\/register\/4580612033105031693?source=News\" target=\"_blank\" rel=\"noopener\">\u201cNext Level Pentesting\u201d<\/a>\u00a0on March 18th 2021.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"767\" height=\"422\" src=\"https:\/\/www.usd.de\/wp-content\/uploads\/news-usdWebinar.jpg\" alt=\"\" class=\"wp-image-4468\"\/><figcaption> <\/figcaption><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For more than 25 years, we have been helping companies achieve more security while monitoring developments and trends. 
In this interview with&nbsp;Matthias G\u00f6hring, Head of usd HeroLab&nbsp;and&nbsp;Sebastian Puttkammer, usd Managing Consultant IT Security and Head of HeroLab Tools, we talk about why classic approaches in the field of penetration testing no longer do justice to [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":8797,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[373,374],"tags":[377,378,405,406,407,408],"class_list":["post-8796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-pentests-security-analyses-en","tag-penetrationstest-en","tag-pentest-en","tag-pentest-anbieter-en","tag-pentest-tools-en","tag-toolchain-en","tag-usd-herolab-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/8796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=8796"}],"version-history":[{"count":0,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/8796\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/8797"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=8796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=8796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=8796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":
true}]}}