Important: Active subscribers – to download this issue, click on the cover of the magazine on the main website, or scroll down this page and click the Download button. Single-issue buyers – after paying for this issue, click “PenTest Web App 08/2012” (which will show just above that text) to download your copy of the magazine.
Configuring and Executing a Pentesting Scenario with Mac OS X Mountain Lion 10.8 by Israel Torres
Penetration testing on a Mac running OS X Mountain Lion 10.8 can be quite dreamy. Aside from using ‘virtualizers’ such as VMware Fusion 4.1.3, VirtualBox 4.1.18 and Parallels 7, OS X has the native capabilities to run many of the open source applications out there; some may require minor to major tweaking, or alternative compatible applications, depending on what the tester intends to do.
Virtualising Your Penetration Testing Toolbox by Nick Murison
Several virtualisation technologies have shown themselves to be practical for running multiple OS platforms, even on relatively standard laptops. We will discuss how a virtualised environment can provide greater flexibility, and give some examples of virtual machine set ups for penetration testing.
Setting Up a Penetration Testing System Using Ubuntu Linux by Stephen Bradshaw
Think about what happens during a penetration test for a second. Penetration testers use questionable software and illicit methods to bypass security controls and potentially gain access to very sensitive information – all with the aim of assessing a system’s security. Ensuring that system security controls operate as intended is a worthy goal, but the process of going about it can introduce some very visible risks.
Is IAST the Future of AppSec? by Jeff Williams
Application security has never been more important, yet traditional approaches are starting to fall apart as applications get larger, faster, and more complex, while software development has accelerated to “ludicrous speed”. Unless something changes, the world’s entire pool of security experts will soon be completely absorbed seeking out XSS. A new automated approach called IAST has the potential to achieve better vulnerability analysis results in a way that is much more compatible with the way software is developed.
Cyber Security Trinity by Kevin G. Coleman
With all the positive aspects of the Internet, there are a fair number of negative issues (like cyber crime and cyber attacks) that impact us daily. These negative issues demand immediate attention and aggressive actions in order to mitigate their risks. This article will consider three of the top issues in this space – cyber weapons, security testing and eForensics.
How To Set Up a Software Hacking Lab Part 2 by Steven Wierckx
This is the second installment and we are nearing the finish line. This time we will see how and which attack tools we are going to install and use in our web application hacking lab.
Setting Up the System for Penetration Testing of Android Applications by Sarin Kumar & Ratish Kumar Mandal
In this article we are going to learn how to set up an environment for penetration testing of Android applications by using a virtual device.
Metasploit Primer by George Karpouzas
Metasploit is an entire framework that provides the necessary tools, during a penetration test, to identify flaws and run various exploits against a remote target machine. It simplifies network discovery and vulnerability verification, increasing the probability of success for your project. This time we will learn the basics of it.
Cyber Styletto: Chapter Nine by Gian DeTorre and Mike Brennan
The team wasted no time finding the goodies the provincial official had stashed in the 777. The cabin had been completely customized to his order, with three full bars spaced throughout, and a full kitchen at the tail. While the others sampled the high-end liquor, even bringing soft drinks to Colin and Nigel in the cockpit, Silk busied himself—to his teammates’ surprise—in the galley…