Re: Bank Assessment

From: Max (reply.to.newsgroup@mozilla.org)
Date: Tue Apr 20 2004 - 12:54:32 EDT


Hi Joe,

I do pen tests for banks in Switzerland and the one thing that is true
in all my missions is: "Banking Secret".

I have no rights to discuss anything pertaining to my missions even to
colleagues in my company. Neither method, tools, approach and obviously,
results can be discussed nor made public. The only thing I can tell you
is that, in banks out here, the IT staff is usually very competent, they
know a whole lot (sometimes more than we, consultants), they have square
policies and the main reason they want an outsider to do the test is
because they have to (by law) or they don't have time to do it themsleves.

Your best source of information pertaining to bank pen testing is the IT
staff from the bank who hired you. They will tell you everything you
*need* to know, nothing more... and don't try to ask for more, they
won't give it :-)

Cheers,

-- 
M@x
Joe Smith wrote:
>I'm looking for any good links with regard to Banking Institutions..
>Security assessments, pen-testing, special needs etc.    I know they are
>big on policies and procedures.    
>
>  
>
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT