Let us present our latest issue entitled Penetration Testing in Practice.
Inside, you will find a few interesting tutorials that will help you develop your skills:
Writing an Effective Penetration Testing Report
Writing an effective penetration testing report is an art that needs to be learned to make sure that the report delivers the right information to the targeted audience.
- High-Level Security Assessment
- Tools of the Trade
- Business Case
- Planning and Preparation
- Risk Management
- Gathering and Translating Raw Data
- Project Proposal
- Project Activities
+ Sample Penetration Testing Report
Hardening VoIP Protocols
- Secure Sockets Layer (SSL) and SIP
- Secure RTP
- Advanced Encryption Standard (AES)
- Method of Key Distribution
- Network Address Translation (NAT)
- Session Border Controllers (SBCs)
Try to write your own rule for detecting concrete signatures in network traffic in Snort IDS or Suricata IDS
In this section, we shall look at IDSs that use predefined signatures in the detection process. The signature-based approach comes from the first implementations of intrusion detection systems and is still in use and relevant.
- Purpose of creating signature-based algorithms
- Understanding of detection process
- Signature-based algorithms benefits
- Signature-based algorithms restrictions
- Typical application for such algorithms
How to detect the vulnerabilities used in XSS attacks
How do you detect and exploit the vulnerabilities behind this kind of attack, and how do you make a Proof of Concept that helps your customers understand the risks they are exposed to? In the article we will show how to use Burp Suite and other tools to detect and exploit the vulnerabilities.
- Detect the vulnerabilities that allow you to perform XSS attacks
- XSS Attack Vectors (HTTP/Web Based)
- XSS Reflected VS Stored
- DOM based XSS
- How to trick users
- Write your first XSS exploit
Configure and deploy a fully working Cisco Router
Welcome to the world of penetration testing using one of the most famous tools or frameworks out there – Metasploit!
- Deploy a fully sandboxed network running on VirtualBox to do all the testing you need;
- Have a fully exploitable server at your disposal;
- Configure and use a fully functional Check Point firewall;
- Deploy your Metasploit framework with Kali Linux;
- Configure and deploy a fully working Cisco Router;
- Grasp basic navigation concepts and commands of the Metasploit Framework;
- Recreate a fully functional network for present and future testing.
Broken Authentication and Session Management
We will write a simple web app whose main goal is pinging servers on the internet. There are many such applications in the wild now, and they are popular: whois web services, online statistics and others. The application lets the user enter a server address, pings that address, and returns the result.
We will provide you with two versions of all examples: one in Python and one in PHP.