TABLE OF CONTENTS:
Fuzzing The art of Security Testing, Craft it, Analyze it
By Aniket Kulkarni
This article allows the reader understand the basics of fuzzing as well as the strengths, depth and effect of fuzzing. It explains how fuzzing is done in a practical sense, and shows the basics of initial data analysis and configurations. There is more of an emphasis on utilizing SPIKEfile for file fuzzing and Spike for packet/network Fuzzing.
Hi! I Hacked Your Computer
By Milind Bhargava
With every passing day, with each new software, hackers around the world start looking for vulnerabilities and write exploit codes for them. Patching those vulnerabilities takes a lot of time and by then the systems have been compromised. As an attacker, there are many ways to compromise the client side systems, my preferred method involves social engineering.
Stealth Testing Using NMAP
By Ric Messier
While testing is often accomplished with the full knowledge and cooperation of a client, you may also be engaged to do testing where the operations staff is unaware of your activities. You may be used to test defenses where they are not allowed to prepare specifically for you or the client may simply want to know how their operations staff responds to events and if they can detect them.
Scanning Your Cloud Environment
By Steve Markey
The “cloud” is a reality for IT professionals, but how secure is it? Since Cloud Service Providers (CSPs) do not allow cloud consumers to individually test their environments why not use a third party Vulnerability Assessment Scanner (VAS) tool/service?
BatchPenetration Testing vs Batch Jobs
By Srinivasan Sundara Rajan
We are seeing various tools and methodologies to perform the penetration testing for online web applications and ensure that these applications are not compromised with attacks like Cross Site Scripting, SQL Injection and others.
SQL Injection: Is it still a viable way to hack?
By Luis Davila
SQL Injection has been known as an old vector of attack but it also has new variants and methods. It does not matter if it is a PYME or a big company, all of them can suffer from SQL injection vulnerabilities and their data would be at risk. As an example, Sony was hacked this year using SQL Injection as the method of attack and network user data was stolen.
Effective Social Engineering: Why The Lowest Hanging Fruit Yields a Rotten Crop
By Shane MacDougall
This month’s article is a partial summary of the talk I gave at the ToorCon Security Conference in San Diego this October. This year the conference focused quite heavily on social engineering, and if that trend continues, professional schmoozers might well consider making the trip to Southern California next year.
The Business side of Pen Testing
By Dean Bushmiller
If you are doing your job as a penetration tester attacking networks for hire, someone in some jurisdiction is going to think you are breaking the law and that they have jurisdiction over you. Eventually, someone is going to call the police. Eventually, the police or some Three-Letter-Agency is going to view the tester as a real threat that must be stopped. In his articles, Dean will talk about a different security topic every month.
Interview with Sumit Siddharth By Arao Sumit „sid” Siddharth works as a Head of Penetration Testing for 7Safe Limited in the UK. He has over 7 years of experience within the IT security industry. He specializes in the application and database security. Over the years, he has contributed a number of white-papers, articles, advisory, tools and exploits to the industry. He has been a speaker at many security conferences including Black Hat, DEF CON, OWASP Appsec, Troopers, Sec-T etc. He also runs the popular IT security blog: http://www.notsosecure.com.