Re: eBanking Security Testing (network and application) Methodology Released

From: Yuri Demchenko (demch@chello.nl)
Date: Mon Mar 07 2005 - 04:39:54 EST


cbc wrote:
> Hi All,
>
> Be careful on the whitepapers in this website. They
> are from specific vendors and not from third
> independant party. The words they used are skewed
> towards the spec of their product. Be intelligent
> folks!!
>
In contrary, I would say rather few good words in address of this
whitepaper together with some remarks.

Actually it's a good overview of some tools and techniques for general
network diagnostics that can be used for security testing and
post-incident investigation for application specific _network_
infrastructure.

IMHO, the paper should be structured in another way to become more
specific for ebanking whatever is understood under this term.

Checking picture links at http://www.ebankingsecurity.com/testing9.asp
and other pages would be useful.

Regards,

Yuri

peter@ebankingsecurity.com wrote:

> Hello
>
> A new ebanking security testing methodology has been released on
> www.ebankingsecurity.com which covers both applications and generic networks.
>
> This work focuses on practical security testing approaches, and is different from
> other work in that it covers:
>
> 1. Basic Penetration Testing - the usual stuff here, pretty basic and entry level
> 2. Advanced Penetration Testing - this section goes into detail of advanced TCP/IP
> protocol and application level attacks, as well as having a ICMP security attacks
> section.
> 3. Web Application Testing - some useful stuff here, pretty basic I would say for
> most the list.
>
> Above all the content is practical and relevant to todays ebanking and generic e-
> transactions network.
>
> There is an option on the site to download this as a PDF.
>
> All comments and feedback are welcome.
>
> Peter Robinson
> peter@ebankingsecurity.com
> http://www.ebankingsecurity.com
>
>
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT