{"id":15499,"date":"2015-03-23T14:41:45","date_gmt":"2015-03-23T13:41:45","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15499"},"modified":"2021-06-03T10:25:38","modified_gmt":"2021-06-03T09:25:38","slug":"le-fardeau-du-pentesteur","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/03\/le-fardeau-du-pentesteur\/","title":{"rendered":"The pentester\u2019s burden"},"content":{"rendered":"<div style=\"margin: 0cm 0cm 10.0pt 0cm;\">\n<div class=\"visually-hidden\" style=\"text-align: center;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"http:\/\/3.bp.blogspot.com\/-NjLVhBfmbGA\/VRBVoMyJu8I\/AAAAAAAAAAs\/8gCWgLP6Xf4\/s1600\/%C2%A9%2BAndrea%2BDanti%2B-%2BFotolia.com.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/3.bp.blogspot.com\/-NjLVhBfmbGA\/VRBVoMyJu8I\/AAAAAAAAAAs\/8gCWgLP6Xf4\/s1600\/%C2%A9%2BAndrea%2BDanti%2B-%2BFotolia.com.jpg\" width=\"320\" height=\"240\" border=\"0\" \/><\/a><\/div>\n<p style=\"text-align: left;\"><i><span style=\"color: #666666;\"><span style=\"font-family: inherit;\">IT security has come a long way in recent years. Nowadays, every company of respectable size has its own information systems security policy. User security awareness sessions are held. Security governance has even been put in place: the CISO steers, defines KPIs and analyses information security dashboards. But the technical side has not been forgotten either; we now know that nothing beats a penetration test for checking, by imitating the bad hackers, the security level of an application or an information system. And they lived happily ever after and never suffered an attack? 
Not so sure&#8230;<\/span><\/span><\/i><\/p>\n<\/div>\n<div style=\"margin: 0cm 0cm 10.0pt 0cm;\">\n<h2>Penetration testing is not an exact science<\/h2>\n<\/div>\n<div>\n<div class=\"MsoNormal\"><span style=\"font-family: inherit;\">No, unfortunately, penetration testing is not an exact science. It is an approach that owes more to practice than to theory. And so much the better. Why? A penetration test is not an audit. The objective of a penetration test is to obtain a realistic, \u201con the ground\u201d view of the security level of an application, an environment or a system. The pentester therefore has limited information about the target, and must draw on knowledge and skills to try to understand its inner workings in order to identify any vulnerabilities. This is why an automated penetration test is nonsense! Automation does not provide this fine-grained understanding of how the target works, and merely runs through predefined test scenarios.<\/span><\/div>\n<div class=\"MsoNormal\"><\/div>\n<div class=\"MsoNormal\"><span style=\"font-family: inherit;\">Moreover, even if the pentester aims for exhaustive testing, the conditions under which the test is carried out often work against them! The test necessarily has a limited duration, which allows only a limited number of options to be explored. 
In addition, the environment in which the tests take place is rarely 100% identical to the production environment, whether because of configuration differences, unavailable features, or user accounts.<\/span><\/div>\n<div class=\"MsoNormal\"><b style=\"color: #00477f;\"><\/b><br \/>\n<b style=\"color: #00477f;\"><span style=\"font-family: inherit;\">A first frustration for the pentester: knowing that their work, however dedicated, is never entirely complete.<\/span><\/b><\/div>\n<h2>Penetration tests whose results are often poorly used<\/h2>\n<\/div>\n<div><span style=\"font-family: inherit;\">Penetration tests are increasingly managed by \u201ccampaign\u201d, a longer engagement that groups several audits, often carried out by the same service provider. This makes it possible to ensure a degree of consistency across the audits, to benefit from a better-known client context, and to offer better-suited recommendations.<\/span><span style=\"font-family: inherit;\"><br \/>\n<\/span><br \/>\n<span style=\"font-family: inherit;\">Unfortunately, once this information has been obtained, the risks have to be treated (or accepted, why not&#8230;). It has to be said that, in most cases, this step is not the best mastered. Audit campaigns conducted on a recurring basis over comparable scopes often produce audit reports that are largely similar, or even identical.<\/span><span style=\"font-family: inherit;\"><br \/>\n<\/span><br \/>\n<span style=\"font-family: inherit;\">Why is this so? Unfortunately, while information security budgets allow for audits, they are rarely sized to absorb the cost of implementing the recommendations. 
In addition, project teams are all too often resistant to changes, all the more so when these have to be applied globally (access control issues, input filtering issues, \u2026).<\/span><br \/>\n<span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\"><br \/>\n<\/span><\/span><\/p>\n<div class=\"MsoNormal\"><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\">Furthermore, beyond the disputes over whether a given security mechanism really needs to be implemented (all the more heated when the application is \u201cinternal\u201d), it is very often the implementation of the security mechanisms that falls short. The risks are identified, protective measures are identified and validated, and yet, on the day of the penetration test, the illusions are shattered.<\/span><\/span><\/div>\n<\/div>\n<div><\/div>\n<div><\/div>\n<div><\/div>\n<div>\n<p>&nbsp;<\/p>\n<div class=\"MsoNormal\"><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\"><b style=\"font-family: inherit;\"><span style=\"color: #00477f;\"><span style=\"font-family: inherit;\">This is indeed the pentester\u2019s regret: discovering that their work has served no purpose; that a year later, the vulnerabilities are still present and that others have even been added.<\/span><\/span><\/b><\/span><\/span><\/div>\n<\/div>\n<div>\n<h2><\/h2>\n<h2>What conclusions for carrying out<br \/>\npenetration tests?<\/h2>\n<\/div>\n<div><span style=\"font-family: inherit;\">Should we stop carrying out penetration tests? No, probably not. 
However, it may be appropriate to change the way these resources are used.\u00a0<\/span><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\"><br \/>\n<\/span><\/span><\/p>\n<div class=\"MsoNormal\"><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\">First, targets must be chosen wisely: there is no point in testing the same scope as last year until confirmation has been obtained that the existing recommendations have been applied!<\/span><\/span><\/div>\n<div><\/div>\n<div class=\"MsoNormal\"><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\">Next, an attempt must be made to treat the problem at its root: it is ineffective to pile up recommendations on XSS flaws as long as developers do not know how to handle user input correctly! And for this, the pentester can contribute more than a Pr\u00e9vert-style laundry list of vulnerabilities. They must make sure that the technical teams buy into the recommendations and that the recommendations are technically implemented. To this end, holding workshops with the technical teams, aimed at working out in detail how the recommendations will be implemented, is a real plus! In <\/span><\/span><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\">addition to this support in implementing protective measures, the results of the penetration test must also make it possible to make security monitoring mechanisms more reliable. This requires working hand in hand with the monitoring teams, as well as an after-the-fact review of the actions that were carried out, those that were detected and those that were not. 
This initiates a virtuous circle of improving detection over time, focused on \u201con the ground\u201d elements.<\/span><\/span><\/div>\n<div><\/div>\n<div class=\"MsoNormal\"><span class=\"Miseenvaleur\"><span style=\"font-family: inherit;\">This closer collaboration between security teams and pentesters is probably the key to a better ROI on penetration tests. References to this approach can be found under the name \u201cpurple team\u201d, a reference to the notions of \u201cblue team\u201d (defence) and \u201cred team\u201d (attack) used in the military domain.<\/span><\/span><\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<div><\/div>\n<div>\n<p>&nbsp;<\/p>\n<div><b style=\"color: #00477f; font-family: inherit;\">The pentester\u2019s salvation could therefore lie in <\/b><b style=\"color: #00477f; font-family: inherit;\">this approach: offering more than a report and slides, and working in a <\/b><b style=\"color: #00477f; font-family: inherit;\">more integrated way in order, at last, to improve security.<\/b><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>IT security has come a long way in recent years. Nowadays, every company of respectable size has its own information systems security policy. User security awareness sessions are held. 
Security governance has&#8230;<\/p>\n","protected":false},"author":20,"featured_media":14577,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3854,3225],"tags":[3858,3859,3860,1203],"coauthors":[780],"class_list":["post-15499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-deep-dive","category-ethical-hacking-indicent-response","tag-pentest","tag-pentesteur","tag-test-dintrusion","tag-vulnerabilites"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Le fardeau du pentesteur - RiskInsight<\/title>\n<meta name=\"description\" content=\"La s\u00e9curit\u00e9 informatique a fait du chemin ces derni\u00e8res ann\u00e9es. D\u00e9sormais, toute entreprise de taille respectable dispose de sa politique\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Le fardeau du pentesteur - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"La s\u00e9curit\u00e9 informatique a fait du chemin ces derni\u00e8res ann\u00e9es. 
D\u00e9sormais, toute entreprise de taille respectable dispose de sa politique\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2015-03-23T13:41:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-03T09:25:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1641\" \/>\n\t<meta property=\"og:image:height\" content=\"1158\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnaud Soulli\u00e9\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Soulli\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\"},\"author\":{\"name\":\"Arnaud Soulli\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\"},\"headline\":\"Le fardeau du pentesteur\",\"datePublished\":\"2015-03-23T13:41:45+00:00\",\"dateModified\":\"2021-06-03T09:25:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\"},\"wordCount\":1083,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg\",\"keywords\":[\"pentest\",\"pentesteur\",\"test d'intrusion\",\"vuln\u00e9rabilit\u00e9s\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Deep-dive\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\",\"name\":\"Le fardeau du pentesteur - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg\",\"datePublished\":\"2015-03-23T13:41:45+00:00\",\"dateModified\":\"2021-06-03T09:25:38+00:00\",\"description\":\"La s\u00e9curit\u00e9 informatique a fait du chemin ces derni\u00e8res ann\u00e9es. D\u00e9sormais, toute entreprise de taille respectable dispose de sa politique\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg\",\"width\":1641,\"height\":1158},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Le fardeau du 
pentesteur\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\",\"name\":\"Arnaud Soulli\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Le fardeau du pentesteur - RiskInsight","description":"La s\u00e9curit\u00e9 informatique a fait du chemin ces derni\u00e8res ann\u00e9es. 
D\u00e9sormais, toute entreprise de taille respectable dispose de sa politique","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/","og_locale":"en_US","og_type":"article","og_title":"Le fardeau du pentesteur - RiskInsight","og_description":"La s\u00e9curit\u00e9 informatique a fait du chemin ces derni\u00e8res ann\u00e9es. D\u00e9sormais, toute entreprise de taille respectable dispose de sa politique","og_url":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/","og_site_name":"RiskInsight","article_published_time":"2015-03-23T13:41:45+00:00","article_modified_time":"2021-06-03T09:25:38+00:00","og_image":[{"width":1641,"height":1158,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Arnaud Soulli\u00e9","twitter_misc":{"Written by":"Arnaud Soulli\u00e9","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/"},"author":{"name":"Arnaud Soulli\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79"},"headline":"Le fardeau du pentesteur","datePublished":"2015-03-23T13:41:45+00:00","dateModified":"2021-06-03T09:25:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/"},"wordCount":1083,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg","keywords":["pentest","pentesteur","test d'intrusion","vuln\u00e9rabilit\u00e9s"],"articleSection":["Cybersecurity &amp; Digital Trust","Deep-dive","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/","url":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/","name":"Le fardeau du pentesteur - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg","datePublished":"2015-03-23T13:41:45+00:00","dateModified":"2021-06-03T09:25:38+00:00","description":"La s\u00e9curit\u00e9 informatique a fait du chemin ces derni\u00e8res ann\u00e9es. D\u00e9sormais, toute entreprise de taille respectable dispose de sa politique","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/11\/Fotolia_76258822_Subscription_Monthly_M.jpg","width":1641,"height":1158},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/03\/le-fardeau-du-pentesteur\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Le fardeau du pentesteur"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79","name":"Arnaud 
Soulli\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15499"}],"version-history":[{"count":17,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15499\/revisions"}],"predecessor-version":[{"id":15501,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15499\/revisions\/15501"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/14577"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15499"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}