active subscribers – to download this issue click on the cover of the magazine on the main website or scroll down this page and click the Download button
single issue buyers – after paying for this issue click “McAfee PTMarket 03_2012” (which will show just above that text) to download your copy of the magazine
Carric Dooley has over 14 years of experience in information security performing Information Security Assessments, Security Architecture Reviews, Wireless Assessments, Web Application Penetration Testing, Host Configuration Reviews, Product Reviews, Risk Assessments, and Policy Development. He has worked internationally and has studied French, German, Russian, and Japanese. Carric has strong industry experience in: Financial Services, Insurance, Healthcare, Software Development, Internet Infrastructure, Manufacturing, Retail, Pharmaceuticals, Government, Food Services, Utilities, Petrochemical, and Entertainment. He is a lead instructor for the Foundstone Ultimate Hacking series of classes. He has taught classes for the U.S. Department of Defense, the private sector, and at BlackHat in the USA, Europe, and the Middle East. He has been Director of Foundstone Services EMEA since July 2010, with more than 300% business growth for 2011.
Web Application Security, Secure Coding with a glass of scotch – Aby Rao talks with Anurag Agarwal, Founder of MyAppSecurity
by Aby Rao
Is Secure Coding a myth?
Secure Coding and Secure Architecture are the most critical part of any application. I don’t know why it’s considered a myth. If we look at the problem as a whole, web applications have been around for a long time and security has only been the focus very recently. Most of the applications were designed and coded insecurely in the past, but it’s not feasible to rewrite entire applications using secure coding practices. Those applications have to be patched rather than rewritten, which is what is happening now. In my experience, more and more companies have started focusing on secure coding and have trained developers too, but it’s more of a culture shift than just implementing a process and will take some time.
Before You Pentest
by Randy Naramore
Before you perform a penetration test you need to know what your end goal will be, whether it is to better secure your network or to gain compliance; a penetration test is an invaluable tool if used correctly. Many times a pen-test is used just to be compliant with today’s regulations instead of being used as a tool to strengthen your network security. Both of these are valid goals independently, but combined they make a much stronger environment for your customers and/or investors.
About passion, teamwork, quality and loyalty with Alexandro Fernández Rodríguez, Specialized IT Security Consultant
by Aby Rao
Mr. Alexandro Fernández has a bachelor’s degree in computer science, a diploma in telecommunications and another in management skills (Effective Communication, Leadership, Coaching & Mentoring, Project Management and Negotiation Courses). He holds the following certifications: CISA, CISM and CobIT Foundations (ISACA), CISSP (ISC2), ISSPCS (Queensland University, AusCERT and Australian EWA), CEH and ECSA (EC-Council), ISO 27001 LA (IRCA). His specialities are: IT Governance, Security Awareness, Business Continuity, Operations Security, Information Security Governance, IT Risk Management, IT Compliance, Access Control, Security Audits and Privacy Compliance.
“Certifications don’t really mean you’re a rock star” – Sameh Sabry talks with Aby Rao about Crisis Management, Wireless Hacking… and Music
by Aby Rao
Sameh Sabry is an experienced Security Consultant. He started his career at the age of 14 and has since worked with IBM and other multinational firms, and more recently in the banking sector. His main specialties include security design, penetration tests, security compliance and advanced networking. Sameh has also been one of the early open source pioneers in the whole region. He has also completed OSCP, L|PT, C|HFI, C|EH, SANS PCI/DSS, Security+, Linux+, RHCE, LPI and CCNA, amongst many others.
Stefano Maccaglia talks with PenTest about importance of Academic Education and Appliances Replacing People
by PenTest Team
I hate the idea that software or an appliance can replace the skill and abilities of a good team of Pen Testers. I’ve heard this concept often, especially from the mouths of Sales people or from high-ranking managers. Often I have demonstrated that they are wrong…
The vulnerabilities out there are waiting to be found
Tal Argoni, Penetration Test Team Leader at 2BSecure, speaks to PenTest Market about experience, motivation and challenges
by Aby Rao
At age 13, I met my cousin, and he showed me how two command lines could cause a denial of service to an Israeli Web site. I was intrigued by this and started looking for information at every opportunity that I had. Quickly I learned TCP and got answers about client-server applications. This is when I discovered the concept of a Trojan horse. I started to play with Back Orifice [cultdeadcow] and Sub 7 [mobman]. I developed some social engineering and antivirus bypassing techniques and skills. I found it boring after a while; I didn’t like the idea that I depended on my victim’s click, and started to look for more information. I was stimulated again when my cousin performed a DoS attack on my own machine (Win95 ping of death). I was hungry for more information regarding remote code execution. I started to download exploits, compile them and scan the internet for victims. After a few years of hacking I noticed that internet websites became more and more popular and dynamic. SQL injection led to XSS, to file upload exploitation, to CSRF, to application DoS, and I found a new world of interest.
Penetration Testing in South Africa
by Johan Snyman
The pen-testing market in South Africa is small when compared to developed (and some developing) countries. To some extent this can be attributed to the slow growth of internet usage in the country and the difficulty businesses face in turning a profit with such a small target market. In simple terms, until fairly recently, many companies were not connected to public networks and security risks were low. This often meant that companies would develop security policies only when absolutely necessary (think online banking) or after an attack.
The Program of Trainings and Conferences for Hack in Paris
The event, to be held next June at the Convention Center at Disneyland Paris, will include six trainings and 16 conferences: an opportunity for the IT security ecosystem to be trained in the practices of hacking and to meet international experts who will speak about the reality of hacking, its challenges and its consequences. Paris, April 25th, 2012 – Organised for the second time by Sysdream, Hack in Paris, an event in France held exclusively in English and bringing together IT security professionals (CTOs, CSOs) and technical hacking experts, will be held from 18 to 22 June at the Convention Center at Disneyland Paris.