DEFCON 29 IoT Village - Ted Harrington - When Penetration Testing Isn't Penetration Testing At All

When companies want to build secure IoT systems, they know they need to test their system for security flaws, which typically leads them to seek out “penetration testing.” However, this term has become so misused across the security community that it’s hard to decipher what is really happening. So where does that leave you? What is your security testing program actually doing (and not doing)? In this keynote, you’ll learn the often widely misunderstood difference about what penetration testing is (and is not). Drawing insights from the #1 bestselling book Hackable, you’ll learn why the distinction matters, and you’ll get an insight into the more advanced tactics used by ethical hackers, such as functionality abuse and exploit chaining. By design, this keynote is more strategic rather than technical, and will equip you with insights to think differently about your security testing program. As a result, you’ll leave with new ideas about how to build better, more secure systems.