Blog Posts Tagged with "Pen Testing"

There's a New Sheriff in Town – PCI DSS Lays Down the Law to Improve Pen Testing Requirements

January 29, 2014 Added by: Michael Sabo

The PCI’s 12 mandatory requirements are designed to protect cardholder data from the threat of fraud or theft. Requirement 11.3 gets to the heart of the pen test, and it was revised in PCI-DSS version 3.0.

Comments  (0)

Why Remediating Assessment Results Might be Harmful to Your Business

September 11, 2013 Added by: Rohit Sethi

Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.

Comments  (0)

Home Wireless Pen Testing for Business or Pleasure . . . .

June 21, 2013 Added by: Jayson Wylie

My intent for presenting the following information is to identify and start people in the use of easy and commonly used BackTrack 5 R3 (BT5 R3) tools to look for some of the more current critical flaws found in the home brand lines of network wireless devices

Comments  (2)

Penetration Testers: Backtrack 5 Release Slated for May

May 04, 2011 Added by: Headlines

BackTrack 5 will be based on Ubuntu Lucid (10.04 LTS), will support 32 and 64 bit architectures, and will officially support KDE 4, Gnome and Fluxbox while providing users streamlined ISO downloads of each Desktop Environment...

Comments  (0)

Interesting DNS Stuff - SRV Records

March 26, 2011 Added by: Rob Fuller

The following are good adds to your DNS brute force list. These are all SRV records so make sure your type is set correctly. SRV records tell you the port in the answer. I don't know of any DNS tools that utilize SRV as part of their process, but scripting dig to do so isn't tough...

Comments  (1)

Brute Forcing Passwords and Word List Resources

February 20, 2011 Added by: Rob Fuller

Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's where word lists come in handy. It's usually the cracker's first go-to solution, slam a word list against the hash, if that doesn't work, try rainbow tables...

Comments  (1)

Armitage: AKA - Making Metasploit Even Easier

January 20, 2011 Added by: Ben Keeley

The application is aimed at Security Professionals who whilst understanding hacking and knowing what they want to accomplish with Metasploit, may not be familiar enough with Metasploit itself to carry the required actions out. This is a brief introduction into Armitage's power...

Comments  (0)

Weaponizing the Nokia N900 - Part 3

December 01, 2010 Added by: shawn merdinger

Overall, the usefulness of this written in Python is huge, and it allows the savvy user and coder to pull functionality from the SMSCON Python script and roll-your-own mini-tools to do specific actions on the N900...

Comments  (0)

Penetration Testing for Low Hanging Fruit - Part 7 of 7

November 08, 2010 Added by: Bryan Miller

It is my hope that this series of articles has successfully made the case for performing regularly scheduled penetration tests. When combined with enforceable policies and procedures, such tests can be an invaluable asset to any organization...

Comments  (10)

Pen Testing for Low Hanging Fruit - Part 5 of 7

October 27, 2010 Added by: Bryan Miller

Security auditing needs to be thought of as a wheel that never ends or a goal that is never quite achieved. There are no 100% guarantees in the field of IT Security so testing is one way to ensure that security and privacy controls are constantly being tested...

Comments  (0)

Pen Testing for Low Hanging Fruit - Part 4 of 7

October 21, 2010 Added by: Bryan Miller

Penetration testing is a necessary undertaking. Debate continues on whether internal or external testing is more important as well as the frequency of testing. But most security and privacy advocates agree that periodic security audits need to be performed...

Comments  (0)

Pen Testing for Low Hanging Fruit - Part 3 of 7

October 19, 2010 Added by: Bryan Miller

The thought is that if you scare clients enough they will spend money on your products and services. This tactic may have worked 5-10 years ago but not today. With the amount of security information available on the Internet it is hard to bluff your way into a client's wallet...

Comments  (0)

Pen Testing for Low Hanging Fruit - Part 2 of 7

October 14, 2010 Added by: Bryan Miller

The real value in penetration testing is using the information learned from one device to take control of another. The tester must follow the trail and use the clues provided to eventually gain access to the really important and sensitive data...

Comments  (2)

Pen Testing for Low Hanging Fruit - Part 1 of 7

October 11, 2010 Added by: Bryan Miller

Security professionals have debated the definition and merits of penetration testing. One of the goals of penetration testing is to test for vulnerabilities that could be exploited by employees, contractors, guests and automated attack software such as worms, viruses and trojans...

Comments  (0)

Weaponizing the Nokia N900 - Part 2

September 21, 2010 Added by: shawn merdinger

Welcome to the 2nd post in my series of leveraging the power of the Nokia N900 handheld using open-source, cutting-edge security tools for ethical penetration testing. The idea is to cover security-related tools and packages that enhance the N900's capability as a penetration testing platform...

Comments  (0)

Strategies for Choosing the Right Pen Test

August 08, 2010 Added by: Ron Lepofsky

Pen tests may seem like a security test panacea. However they have been known to go terribly wrong and become vastly expensive. Here’s what you need to know to make sure you get the results you want at the price you expect...

Comments  (1)