Penetration Testing
Page 2 of 6

Mar 31st, 2009

Comments: 0
Category: Penetration Testing

Rack for Pen Testing

One of the many things I got introduced to at Scotland on Rails was the Rack project. Designed to help create flexible web application deployments, it creates an interface between web servers and Ruby web app frameworks (Rails, Sinatra, etc.). Reading some of the examples, it occurred to me that Rack could be pretty handy for […]

Dec 22nd, 2008

Comments: 0
Category: Penetration Testing

Penetration Test Scoping

Got a reminder that I’ve not blogged in a while, so here’s the next part of what I was going to talk about. So, following on from my first post in this series, I thought I’d go on to talk about penetration test scoping. Getting the scope right is one of the most important parts of […]

Dec 14th, 2008

Comments: 1
Category: Penetration Testing

What is Penetration Testing?

I’m planning to do a series of posts about penetration testing over the next couple of weeks, so I thought I should start in the obvious place of defining what it actually is. You’d think this would be relatively straightforward, but the term “penetration testing” is misused all over the place. Some people use it […]

Apr 24th, 2008

Comments: 1
Category: Penetration Testing

PCI 6.6 clarification – Am I missing something?

Recently there have been some clarifications around a couple of sections of the PCI-DSS, in particular one on section 6.6. This update has created some comment and articles, but none of the ones I’ve read has focused on the main point, as far as I can see… Previously there were two options for satisfying […]

Aug 22nd, 2007

Comments: 2
Category: Penetration Testing

The start of an interesting series of blogs

The Art of Scoping Application Security Reviews (Part 1) – The Business « Mark Curphey – SecurityBuddha.com Mark Curphey is starting a series of posts on application security review scoping, which should be interesting reading (although I imagine it may annoy some people in the industry ;o) ). In this one he looks at the business aspects […]

Aug 5th, 2007

Comments: 0
Category: Penetration Testing

Handy Footprinting/research tool

Came across a tool today that should help make light work of the research phase of a penetration test: Paterva Evolution. Essentially it seems to be a nice graphical way of establishing connections related to a specific resource, so for example, any email addresses that are findable relating to a given domain name. Of course that […]

Jul 12th, 2007

Comments: 0
Category: Penetration Testing

More random thoughts on OWASP

Matasano Chargen: Random Thoughts On OWASP One of those times when I start writing a comment on a post and end up rambling for so long that it ends up being worth a post… — I’ll chime in on the “OWASP needs some staff” line. I know they’ve got loads of great people running it […]

Jun 19th, 2007

Comments: 0
Category: Penetration Testing

HP to acquire SPI… Cenzic/Acunetix/… next?

Rational Security: Bye Bye, SPI (Dynamics…) Well, that’s SPI getting acquired now by HP, following on from IBM buying Watchfire. There may be loads of companies left in the security community waiting to get bought up, but there’s only really Cenzic left of the original top 4 web application scanning tools, and some […]

May 20th, 2007

Comments: 0
Category: Penetration Testing

List of SQL Injection scanners

Top 15 free SQL Injection Scanners – Security-Hacks.com Interesting-looking list of SQL injection scanners, although Justin notes here that at least one of them, sqlbrute, isn’t really a scanner. Anyway, I’m planning to run some tests on them to see how they handle some basic SQL injection flaws, so it’ll be interesting to see […]

Apr 14th, 2007

Comments: 0
Category: Penetration Testing

White-Hats and Hacks

Information Security Sell Out: White Hats & Application Security Interesting post on the Information Security Sell Out blog, which comments on a story from CNet here and a post over at StillSecure here. I’m mainly with the Sell Out guy. Whilst it’s a shame that we lose an aspect of bug finding, there’s no way for a […]