The risks that pen tests don't find presented at OWASP AppSecAsiaPac 2012

by Gary Gaskell,

Tags: Security

Summary : "Penetrations tests are a crucial element of an organisation's security plan. This is not likely to change in the near term. However, there are several security risks that pen tests don't detect.
This presentation will give an overview of this class of security risks and how to identify them. A focus will be on the emerging risks of using virtual server and storage infrastructure to host web applications - particularly where organisations use the internal SAN to provide storage to web applications.
The talk will inform attendees about where to get the reference information from and how to test or inspect the security settings using the philosophy that this should not be a black art but just normal IT security practice."