From: pagvac (unknown.pentester@gmail.com)
Date: Thu Mar 09 2006 - 16:00:38 EST
First paper written on the topic of virtual hosts hacking. It covers
basic skills such as passive discovery techniques and (almost) stealth
active discovery techniques. It also presents possible scenarios of
exploitation.
The message behind this paper is:
- do *not* host your organization's website on your corporate network
- do *not* use shared web hosting
For details on why we recommend the two previous practices we suggest
reading the paper.
Finally a survey on UK penetration testing companies is provided which
shows which companies follow the two previous principles.
Note: the intended audience is *web application penetration testers*.
-- Petko Petkov and pagvac [www.gnucitizen.org], [www.ikwt.com] ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com ------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:39 EDT