PenTest Extra 02/2012

February 15, 2012

A Formal Approach to Exploit Human Intelligence
by Shakeel Ali
To date, there is no formal procedure or process for a social engineering attack. It all depends on the given situation and on how you would draw up the steps to initiate an attack against your target. Some of the most common steps taken are intelligence gathering, identifying vulnerable points, planning the attack, and execution. Each of these steps should be carried out consistently in a definite order, with data collected upon the completion of each.

Finding Your Target
by Willem Mouton
Dumpster diving, if you are up for it and have physical access to the target, means sifting through trash to get useful information, but in recent times social media can provide us with even more. Sites like LinkedIn, Facebook and Twitter can provide you with lists of employees, projects that the organization is involved with and perhaps even information about third-party products and suppliers that are in use.

Session Hijacking
by Nikhil Srivastava
Session hijacking, also known as TCP session hijacking, allows a user to take control over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user’s session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.

NTO SQL Invader
by Sow Ching Shiong
NTO SQL Invader is a SQL injection exploitation tool. It gives the ability to quickly and easily exploit or demonstrate SQL injection vulnerabilities in Web applications. With a few simple clicks, a penetration tester will be able to exploit a vulnerability to view the list of records, tables and user accounts of the back-end database.

CSRF Attacks on Network Devices
by Eugene Dokukin
The first attack is to turn on remote access to the admin panel (it is off by default), allowing a remote attacker to access the admin panel from the Internet and change all required settings (this attack can be conducted in one request). Network devices that have an option to allow remote access and have CSRF vulnerabilities can be attacked in this way.

Web Application Security Vulnerabilities Have Been Prevalent The Last Decade
by Matt Parsons
The main issue with SQL injection is that the programmer is dynamically generating SQL queries and not validating the input. The best way to prevent this attack is to validate all input with whitelist validation, use least privilege and use prepared statements or stored procedures. In Java EE it is best to use PreparedStatement, or in .NET use SqlCommand.

Interview with Marsel Nizamutdinov
by PenTest Team
Marsel Nizamutdinov is Head of the Research & Development Department at High-Tech Bridge SA, a web application security expert and the author of “Hacker Web Exploitation Uncovered” (2005).

Qualys Virtual Scanner
by Scott Christie
The setup of a new Virtual Scanner is not difficult. For existing Qualys customers, a change must be made to the service account to allow for the Virtual Scanners. During the change, any previously owned physical scanner appliances must be online, or else the physical devices can be irreparably dropped from the service account and will have to be returned to Qualys. After the account change, users will notice new menu options for the provision and download of Virtual Scanner appliances.
