[Article]-Interview: Kevin Johnson of SANS, InGuardians

[don]

Great interview by an energetic new contributor. Thanks, Jason.

Permanent link: [Article]-Interview: Kevin Johnson of SANS, InGuardians

Review by Jason Haddix, Security Aegis

Anyone who knows training (or InfoSec for that matter) knows SANS is probably THE most recognized name in InfoSec training. While the foundation of SANS is Stephen Northcutt and Alan Paller, his superstars are the InGuardian’s crew. Call them security divas, we don’t care. We know that Ed Skoudis, Kevin Johnson, Mike Poor, and Joshua Wright are instructors with whom we’d give the whole of our security budget to train. We can’t decide what we like best: their stellar tool development, their helpful whitepapers, their nifty cheat sheets, their open source projects, or the fact that their courses are the most interesting and engaging we’ve seen.

Web application pen testing is a huge focus for the security space right now, and SANS just turned their 4-day SEC542 - Web App Penetration Testing and Ethical Hacking into a 6-day class. We had the chance to pick the brain of its instructor/creator Kevin Johnson, InGuardian pen tester, father, and all around great guy.

Read on as he answers our questions on a wide array of our web-app security queries.
 

Don

[unsupported]

Great article Jason!  Who exactly said that pen testing is declining (dead)?

I met Kevin last month at a local ISSA meeting he was presenting at on the basics of Incident Handling.  Very engaging speaker.  I would not miss the opportunity to hear him speak again!

[Jhaddix]

Well he will be presenting his socialbutterfly tool at Defcon so dont miss it!

That question was loosely based on some statements of a certain OWASP supporter, who i will not name. He said network pentesting is dying, and webapp is the way of the future. I thought it pertinent enough bring up as I've heard others have comments which go along with that belief. Very untrue but wanted Kevin's input.

[UNIX]

I think too that the main part will become webapp pentesting but surely network pentesting won't die out. Maybe the whole webapp security will become a litte less important after a later future when the boom is over.

But I am pretty sure that webapp security will be at least for the next time the bigger market for penetration testers.

[Andrew Waite]

Wow, just got time to read this interview. Great work Jason, always interesting to hear what Kevin and the rest of the inGuardians team are up to.

Unfortunately I normally end up with a large list of new tools I want to investigate in more depth....

[don]

Submitted to digg:

http://digg.com/security/Interview_Kevin_Johnson_of_SANS_InGuardians

Please vote,
Don