In the video demo they showed requiring a TXT in the DNS to confirm you have consent
so they'll point it at a domain they control, then reverse proxy it onto their target?
And in the process, reveal their own IP address rather than MindFort's.
by theirs, you mean, the IP of an IoT device/router they've hacked
What do you propose they do instead?
not offer automated targeted hacking as a service?
even the booters market themselves as "legitimate stress testing tools for enterprise"
How about the would-be victims don’t ship exploitable software to production? If that’s not possible, then maybe they should sign up for an automated targeted hacking service to find the exploitable bugs before someone else does.
Your argument is straight out of the 1990s. We’ve moved beyond this as an industry, as you can see from the proliferation of bug bounty programs, responsible disclosure policies, CVE transparency, etc…
> not offer automated targeted hacking as a service?
MindFort is not the first and won't be the last. There are plenty of DAST tools offered as a SaaS that are the same thing.
Yup as mentioned, we do the TXT verification of the domain. We also don't offer self service sign up, so we are able to screen customers ahead of time and regularly monitor for any bad behavior.