Already now a majority of "security people" know very little about security and only about how to use some kind of pre-made penetration testing tool. The penetration testing tool shows a bunch of green lights in its web GUI board and all is assumed well. Yet, a real security expert with evil intentions has broken the system long ago and keeps selling valuable data on the darknet. Nothing is leaked and nothing is discovered. This can go on for years without anyone finding out because, well, the GUI board says that all is OK.
This is my biggest fear when asking for a penetration test from a company I don't know and can't evaluate their expertise, since I never had a penetration test before and thus don't know what to look out for.
I got some advice from a friend that it's important to have connections or know the reputation of the company so exactly this doesn't happen.
Damn, this article hits so close to home, I have to tip 1k+ sats to my own bot, lol