undefined | Better HN

0 pointsrandomdata13y ago0 comments

I can't help but feel a better analogy is finding a rip in the seat of a bus, reporting it, and then poking at the rip a few days later to see if it has been repaired. Going at someone's windows with a crowbar doesn't seem to fit the situation at all, in my opinion.

0 comments

unreal3713y ago

No, he didn't check if this one bug was fixed. I mean, he could have done that without downloading pen test software - just by checking what he previously checked to discover the bug in the first place.

What he did do was download pen test software to automatically check the website for flaws AFTER BEING TOLD NOT TO. He went to every bus and checked every seat, door, window, engine, tire, seat belt for dozens of different flaws without permission.

And yes, pen test software can be destructive. It can put bad data in a database, crash a server, overrun log files, and corrupt things. Penetration testing is not a passive process.

j / k navigate · click thread line to collapse

0 pointsrandomdata13y ago0 comments

0 comments

unreal3713y ago

And yes, pen test software can be destructive. It can put bad data in a database, crash a server, overrun log files, and corrupt things. Penetration testing is not a passive process.

j / k navigate · click thread line to collapse