We would like to present to you the third issue of PenTest Open, a free monthly publication in which you can read some of our best articles from the previous month.
This time we have selected a set of strong tutorials written by our best authors and experienced pentesters. We hope that this issue will help you improve your skills and broaden your horizons.
INSIDE THE ISSUE:
From the Beginning: Building a SQLi Test Lab
By Guglielmo Scaiola
Enter virtualization technology, which makes it possible to build an extensive lab without the risk of ending up in jail for testing against systems you do not own. There are many virtual machine technologies to choose from: VMware ESXi and VMware Workstation, Microsoft Hyper-V, Xen, or VirtualBox. Your choice may depend on your favorite operating system or on your computer hardware. In his professional work the author uses several virtualization products; in this article he describes VMware Workstation 8, but the examples can be carried over to another virtual environment with a few modifications.
Defending Industrial Control Systems with Data Diodes
By Austin Scott
Originally designed by government organizations to protect top secret information, data diodes are most commonly used in applications requiring the highest level of security, such as state secret protection, banking, or battlefield uplinks. In recent years there has been increasing demand for data diodes in the world of industrial control and automation, where they are used to protect critical infrastructure, owing to the simple and virtually impenetrable nature of these devices: traffic can physically flow in only one direction. In this article the author explores the inner workings and practical control system applications of these unidirectional gateways and provides a step-by-step guide to creating your own using open source software.
Information Security Policy (ISMS)
By Prashant Mishra
These days about 90% of business depends on information security, because business systems are reachable over the Internet from anywhere. Security within any organization starts with building a security policy: a centralized, evolving document that defines what is allowed and what is not.
Penetration Test Results Reporting
By Terrance Stachowski
Upon completion of a penetration test, all of the information collected must be neatly entered into the after-action results report. Since this document is the only tangible deliverable supplied to the customer, it should appear professional and well organized, and it should clearly detail and explain what was uncovered during the penetration test.
Transforming Your Tablet into Pentest Platform
By Domagoj Vrataric
As a penetration tester you appreciate being able to work from anywhere; that is one of the nice things about working in the IT industry. With a laptop you can be mobile while performing penetration tests. However, like many of you, the author of this article wanted more...
Homeland Security – Reducing the Threat from Attacks
By Albert Whale
The author describes the changes being made in Homeland Security activities for new software in development, and how they are improving our overall security. From this article you will also find out which of these activities can fit into your own Software Development Lifecycle (SDLC) program, so that other organizations can benefit as well. This article does not present an offensive approach to cyber security, but an improved defensive one.