Active subscribers – to download this issue click on the cover of the magazine on the main website or scroll down this page and click the Download button
Single issue buyers – after paying for this issue click “Ethical Hacking – PenTest Extra Issue 2/2011″ (which will show just above that text)to download your copy of the magazine
BackTrack 4: Target Scoping
by Shakeel Ali and Tedi Heriyanto
This process integrates several key elements, such as gathering client requirements, preparing a test plan, profiling test boundaries, defining business objectives, and project management and scheduling. Shakeel Ali and Tedi Heriyanto describe how to acquire and manage the information about the target’s test environment. This article by Shakeel Ali and Tedi Heriyanto, authors of BackTrack 4: Assuring Security by Penetration Testing, covers a scope process to provide necessary guidelines on formalizing the test requirements.
Tactical Penetration Testing for Industrial Control Systems
by Shakeel Ali
Industrial Control Systems (ICS) are one of the main operatives providing control over industrial production environment. These include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers PLC). Shakeel Ali presents the influence of digital attacks on today’s critical infrastructures. He claims that it requires more than just deploying security technologies (IDS/IPS/Firewall) out of box. Using the penetration testing approach one can assure the level of robustness, usability, reliability, and security of the information assets.
Crack Into a Wireless Network
by Sameh Sabry
The mini live CD based on Tiny Core Linux called Beini a Chinese GNU/Linux distribution, created and maintained by ZhaoChunsheng from Tianjin, China. The distribution is not commonly known and/or used however, it is very light. Sameh Sabry tell you, in his article, how to crack into a wireless network in easy and simple way. Beini is the best open source tool for it. He states that it took him less than a minute to boot from the CD, and another couple of minutes to get the key for the house wireless network.
White Box Testing of SQL Injection Attacks
by Hossain Shahriar
Despite many tools exist to test SQL injection vulnerabilities using black box approach (crawler like tools), white box level testing can provide an increased confidence on the level of SQL injection vulnerabilities. Despite a programmer might not be interested to use the mutation score directly, the benefit still remains through the execution of programs with certain faults to check programs against some SQL injection attacks. Hossain Shahriar, in his article, demonstrates a white box (code level) approach of testing SQL Injection vulnerability.
Intro to SQL Power Injector
by Matt Presson
SQL Injection (SQLi) is a vulnerability that plagues many of today’s web applications. The existence of a SQLi vulnerability in an application gives an attacker almost complete control over the final SQL query that gets executed by the application’s database. Matt Presson introduce syou to your new favorite tool for exploiting blind SQL injection – SQL Power Injector.
Penetration Testing for Android Applications
by Kunjan Shah
Mobile application penetration testing is an up and coming security service that has recently obtained more attention with the introduction of Android, and iOS platforms. Kunjan Shah, in his article, specifically focuses on helping security professionals perform penetration testing on Android applications. He attempts to cover everything that you would need to begin testing applications developed for the Android platform such as setting up the test environment, installing the emulator, configuring the proxy tool, decompiling, etc.
Web Application Security
by Jakub Gaczyk
By using our web site, managers can send us their documents and resume. In our web page, we have installed and configured some kind of popular CMS (Content Management System). Jakub Gaczyk, in his short article, presents how to check whether the web application is vulnerable to Internet attacks. He answers the question: Why should I test the software on my own? And claims that the need is obvious if you use open source software.
The Benefits of Ethical Hacking
by Bryan Soliman
The wide growth of the Internet has brought good things to the modern societies such as easy access to online stores, electronic commerce, emails, and new avenues of information distribution and advertising. As with most technological advances, there is always a dark side: the criminal hackers where they represent a threat to these information avenues. Bryan Soliman describes from a practical standpoint the security problem remains as long as manufacturers remain committed to current system architectures without a firm requirement for security.
Interview with Ivan Arce
Ivan Arce is a co-founder and Chief Technology Officer of Core Security Technologies where he helps to set the technical direction for the company. Arce writes for numerous technical publications, speaks frequently at industry events and is commonly quoted in industry publications. He is a member of the IEEE Computer Society and the Association for Computer Machinery (ACM) he also currently serves as Associate Editor of the IEEE Security & Privacy Magazine.
BackTrack 4: Assuring Security by Penetration Testing
by Rebecca Wynn
BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.
Interview with Jonathan Ringler
by Aby Rao
Jon Ringler has over 10 years of experience in the IT industry and has spent the last 7 years focusing on information systems security. He is skilled in Security Operations, Vulnerability Analysis, Penetration Testing, Application Security, and Network Security. Jon has a Bachelor of Science in Computer Information Systems and a Master of Science in Information Assurance while holding certifications including CISSP, CISA, CRSIC, GCIH, CEH, and CHFI. He currently resides with his wife and two daughters in Annapolis, Maryland, USA.
Comments are closed.