Re: Article: "Security Testing Demystified"

From: Doug Fox (dfox168@hotmail.com)
Date: Wed Jan 25 2006 - 22:45:35 EST


Debasis;

Thank you for sharing your experiences. The PowerPoint presentation is
concise and practical.

Best regards,

DF

----- Original Message -----
From: "Debasis Mohanty" <mail@hackingspirits.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, January 18, 2006 3:40 PM
Subject: Article: "Security Testing Demystified"

> Hello List Members,
>
> This is an announcement for the release of the article called "Security
> Testing Demystified". This article has been written in very simple language
> which can be understood not only by security testers but also can be read &
> understood by non-technical managers as well.
>
> Just to summarise, this article doesn't talk anything specific about a
> particular type of attack rather demonstrate a holistic approach for
> security testing. At a broader level it covers the following areas -
>
> - Anatomy of Security Testing
>   o Understanding the product and its architecture
>   o Identifying possible attack vectors
>   o Preparation of test cases
>   o Vulnerability Research & Discovery
>   o Exploitation of vulnerabilities found
>   o Compilation of final security testing report
>   o Final discussions of bug findings and fixes
>
> - Briefs about various mistakes and assumptions made by programmers
>   o Talks about why HTTP-REFERRER is a bad thing to rely on
>   o How important it is to validate all client side info sent to the server?
>   o [. . .]
>
> - How to identify potential attack vectors?
> - How wild and evil imaginations are important attributes for a security tester?
> - Anatomy of a Security Testing Report
> - Why a final live hack demo is a good thing to do?
>
> I started writing this article in the month of March, 2005 however, due to
> time constraints I got almost delayed by 10 months. This article can be
> downloaded from -
> http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp
>
>
> Feel free to mail me for any kind of queries or suggestions at - debasis
> [at] hackingspirits.com or debasis_mty [at] yahoo.com
>
>
> Regards,
> Debasis Mohanty
> www.hackingspirits.com
>
>
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT