Tool Jockeys in Disguise: Defeating the Push Button Penetration Testers
by Wardell Motley
What drives your search for a penetration tester? Was it a recent security breach, or a compliance requirement, or maybe just a conversation over a round of golf with someone who recently underwent an assessment? No matter what the reason, you will need someone who is not only competent and familiar with the latest threats and technologies, but also someone who can associate the vulnerabilities you may have with the business risk to your organization.
Penetration Testing Strategy: Beyond Discrete Vulnerabilities
by Shohn Trojacek
Who really cares about a Penetration Test? It can be reasonably determined that, by virtue of reading an article such as this, the reader already cares to some degree about a penetration test. However, the reader is undoubtedly aware that many outside the field of IT Security, and ostensibly in the business world, may not care.
Adopting Secure Software Development Processes
by Michel Chamberland
If you could tell your customers that you can help them secure their custom built software, significantly reduce the number of bugs and save them money in the process, do you think they would heed your advice?
Use and Abuse of Cryptographic Hashes
by Tor E. Bjørstad
Some of the most devastating security flaws appear when there is a logical error in the deployment or use of a security component. Cryptographic hash functions are among the most widely used security algorithms, yet they are often poorly understood by developers and security practitioners alike. The devil is in the details, and when it comes to custom cryptographic mechanisms, it is deceptively simple to take a wrong step.
Choosing a Safe Password
by Bartłomej Wypych
Passwords have become an integral part of our computer lives, to the point where we no longer pay any special attention to using them. Every day we use one to log on to a computer, access a social network account or a discussion board, check e-mails and pay bills, all in the comfort of our homes. We tend to forget that passwords are used to verify the identity of a person trying to access something. For any of the aforementioned purposes, passwords are applied to ensure that the person trying to gain access is the person they claim to be and is allowed access to the stored data.
Virtualization: Pills and Other Threats
by Dariusz Wierzbicki
Virtualization, in addition to its many advantages, also raises security issues. Virtual environments are very different from physical ones and require a different approach to security matters. Administrators are often not aware of the safety issues specific to virtual environments, or realize the dangers only after deployment.
by Jatin Jain
Web applications are not able to recognize whether a request is somehow related to previous requests. Session management is the technique used by web developers to make the stateless HTTP protocol support session state.
How is Second Becoming First?
by Aleksandar Bratic
Very often IT personnel, in an attempt to protect their applications, forget to secure layer 2 and rely too much on anti-virus and firewall solutions. The main problem is that when layer 2 is compromised, the upper layers are not aware of the problem, so every upper-layer protection is useless.
Review of Christopher Hadnagy’s Social Engineering: The Art of Human Hacking
by A Rao
Social Engineering is not a technical book, at least not in the traditional sense. You will not see extensive discussion about ports, firewalls or encryption. If you were hoping for any of those topics, then you are in for a disappointment. This book is about human hacking, again not in the traditional sense. At the end of the day, security boils down to humans. Humans are vulnerable and no technology is secure if it is protected by people who can be deceived.
Interview with Raymond Friedman
by A Rao
Raymond Friedman is the CEO and President of mile2, and has been in the IT security space since 2002. While in this industry, he has been actively engaged in consulting for global financial and government institutions, performing security audits, penetration tests and digital forensics services. During his tenure at mile2, Raymond has spearheaded the development of the present series of mile2 certifications, which have become globally recognized by militaries worldwide. Presently, Raymond carries several certifications and advanced degrees, including a Master of Science in Accounting, Forensics & Controllership, the Certified Information Systems Security Officer, Certified Penetration Testing Engineer, and Certified Digital Forensics Examiner.