Cybersecurity

5614 readers

275 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Why Pay A Pentester? (thehackernews.com)

submitted 1 month ago by gwilikers@lemmy.ml to c/cybersecurity@sh.itjust.works

4 comments fedilink hide all child comments

What do you guys think? I don't think there's a lot of depth to the arguments, myself. It reads more like an threadbare op-ed with a provocative title. But I'd like to hear you opinions on the impact of automated testing solutions on the role of pen-testers in the industry.

top 4 comments

sorted by: hot top controversial new old

[–] schizo@forum.uncomfortable.business 7 points 1 month ago* (last edited 1 month ago)

It reads like an advertisement for software-automated pentesting that just forgot to include a link to what they're selling.

I don't know if that's the intent, but...

Also, if you want free pentesting, you could always just "accidentally" include credentials to something you push to GitHub. It's free, AND done by a human!

Edit: LMAO, it is an ad. A "contributed piece from our partners" line down at the bottom.

[–] Telorand@reddthat.com 5 points 1 month ago

I do QA Automation for a large software company. We still have manual QA testing, because it's costly and sometimes impossible to automate everything.

Also, there is no scenario where you can automate everything until you can automate social engineering. It's why scammers don't bother trying to hack your bank but instead try to get you to buy $2000 in Applebee's gift cards to settle "an IRS debt that you need to fix RIGHT NOW!"

[–] dotslashme@infosec.pub 3 points 1 month ago

Looks like an LLM wrote this peace of garbage.

[–] sylver_dragon@lemmy.world 3 points 1 month ago

While the broader cybersecurity field has seen rapid advancements, such as AI-driven endpoint security

Ya, about that "AI-driven endpoint security", it does a fantastic job of generating false positives and low value alerts. I swear, I'm to the point where vendors start talking about the "AI driven security" in their products and I mentally check out. It's almost universally crap. I'm sure it will be useful someday, but goddamn I'm tired of running down alerts which come with almost zero supporting evidence, pointing to "something happened, maybe." AI for helping write queries in security tools? Ya, good stuff. But, until models do a better job explaining themselves and not going off on flights of fancy, they'll do more to increase alert fatigue than security.