Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Article: "Security Testing Demystified"

from [Debasis Mohanty] Network Security [Permanent Link]
Subject: Article: "Security Testing Demystified"
Date: Thu, 19 Jan 2006 03:00:08 +0530 

Hello List Members, 

This is an announcement for the release of the article called "Security
Testing Demystified". This article has been written in very simple language
which can be understood not only by security testers but also can be read &
understood by non-technical managers as well. 

Just to summarise, this article doesn't talk anything specific about a
particular type of attack rather demonstrate a holistic approach for
security testing.  At a broader level it covers the following areas - 

-       Anatomy of Security Testing
o       Understanding the product and its architecture
o       Identifying possible attack vectors
o       Preparation of test cases
o       Vulnerability Research & Discovery
o       Exploitation of vulnerabilities found
o       Compilation of final security testing report
o       Final discussions of bug findings and fixes

-       Briefs about various mistakes and assumptions made by programmers
o       Talks about why HTTP-REFERRER is a bad thing to rely on
o       How important it is to validate all client side info sent to the
server?
o       [. . .]

-       How to identify potential attack vectors?
-       How wild and evil imaginations are important attributes for a
security tester?
-       Anatomy of a Security Testing Report
-       Why a final live hack demo is a good thing to do?

I started writing this article in the month of march, 2005 however, due to
time constraints I got almost delayed by 10 months. This article can be
downloaded from -
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp


Feel free to mail me for any kind of queries or suggestions at - debasis
[at] hackingspirits.com or debasis_mty [at] yahoo.com


Regards,
Debasis Mohanty
www.hackingspirits.com



-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Article: "Security Testing Demystified", Debasis Mohanty <=
Previous by Date:  Re: Hacking With The Google Search Engine, Ryan McGeehan
Next by Date:  Suggestion: email anti-spoof measure on web site, ma . huijuan
Previous by Thread:  Re: Re: notice: mambo scanner, dontbugme
Next by Thread:  Suggestion: email anti-spoof measure on web site, ma . huijuan
Indexes:  [Date] [Thread] [Top] [All Lists]