Achieving security and not obscurity
This section discusses how we stay away from obscurity and actually help ourselves, our clients, and our business maintain an actual security implementation after pentesting an organization. It's critical that we use best practices and help our clients understand how to improve their security posture without hindering their ability to carry out daily operations. However, this doesn't mean putting in place a security control that does nothing more than act as a Band-Aid.
Important note
A Band-Aid is a temporary fix that isn't exactly the best fix. Additionally, a Band-Aid could easily be bypassed with some general knowledge of the network or system.
Security through obscurity
Let's discuss what security through obscurity really means to us and to our pentesting engagements, especially when it comes to how we implement that type of pseudo-security...