active subscribers – to download this issue click on the cover of the magazine on the main website or scroll down this page and click the Download button
single issue buyers – after paying for this issue click “Web Applications for Pentesters – WebApp 07_12” (which will show just above that text) to download your copy of the magazine
Pentesting With Teensy
by Remus Ho
Teensy is a USB-based microcontroller development board that can be programmed to emulate any device and to store program code. It is about 3.0 cm by 1.8 cm in size and is available from PJRC.com. It costs about US$16 and has 32 KB of memory. In this article, Remus shows how you can make the device emulate a HID (Human Interface Device), inject attack code and execute commands on the system.
Exploiting Local File Inclusion Vulnerability Using fimap
by Sow Ching Shiong
fimap is a Python tool that can be used to find and exploit, as well as Google for, local and remote file inclusion bugs in web applications. It is available from: http://code.google.com/p/fimap/. Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitised and allows directory traversal characters to be injected.
Vicnum, a Vulnerable Web Application for Pentesters
by Mordecai Kraushar
For those interested in Web application security, OWASP (Open Web Application Security Project) is the organization to turn to, with many projects intended to secure Web applications. One such OWASP project is Vicnum (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project/), which consists of several links to programs that at first appear to be games but are really intentionally vulnerable web applications that demonstrate common web security problems such as cross-site scripting, SQL injection, and session management issues.
How To Set Up A Software Hacking Lab part 1
by Steven Wierckx
This is the first in a series of articles on how to set up a software hacking lab. In this first article, I will detail what I want to do in this hacking lab and which targets I would like to have ready for my penetration test. The main focus for this hacking lab will be on web applications and testing their security.
Security Testing Tool or Cyber Weapon
by Kevin G. Coleman
There is a growing concern about the development and proliferation of what has been referred to as Cyber Arms. In fact, in 2011 China and Russia submitted a recommendation to the United Nations about a Cyber Arms Treaty. This topic is not new to the United Nations; in fact, it can be traced back to 2006, when the U.N. General Assembly requested that all countries submit their views on a binding conventional arms trade treaty.
Nipper Studio Review
by Jim Halfpenny
There’s no shortage of vulnerability assessment tools out there, and this time I’m looking at one that is a little bit different. Nipper Studio from Titania offers a means to audit that often forgotten part of your network: the network itself. Routers, switches, firewalls and other network appliances are the fabric of your network and should definitely be in scope for any rigorous information security program. I’ve given Nipper Studio a test drive to see how it performs and how it differs from other tools out there.
by Mike Brennan and Richard Stiennon
Tonight’s sortie was an old-fashioned stakeout, Buck had said. If Yvonne had ever been on one, she would have understood his sentiment, but instead she was anxious, feeling exposed to dangers she never experienced working in her labs behind the protection of computer screens and miles, sometimes thousands of them, between her and her adversaries.