lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060118203911.2D36910FD@lists.grok.org.uk>
Date: Wed Jan 18 20:39:25 2006
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: Article: "Security Testing Demystified"

Hello List Members, 

This is an announcement for the release of the article called "Security
Testing Demystified". This article has been written in very simple language
which can be understood not only by security testers but also can be read &
understood by non-technical managers as well. 

Just to summarise, this article doesn't talk anything specific about a
particular type of attack rather demonstrate a holistic approach for
security testing.  At a broader level it covers the following areas - 

-	Anatomy of Security Testing
o	Understanding the product and its architecture
o	Identifying possible attack vectors
o	Preparation of test cases
o	Vulnerability Research & Discovery
o	Exploitation of vulnerabilities found
o	Compilation of final security testing report
o	Final discussions of bug findings and fixes

-	Briefs about various mistakes and assumptions made by programmers
o	Talks about why HTTP-REFERRER is a bad thing to rely on
o	How important it is to validate all client side info sent to the
server?
o	[. . .]

-	How to identify potential attack vectors?
-	How wild and evil imaginations are important attributes for a
security tester?
-	Anatomy of a Security Testing Report
-	Why a final live hack demo is a good thing to do?

I started writing this article in the month of march, 2005 however, due to
time constraints I got almost delayed by 10 months. This article can be
downloaded from - 
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp


Feel free to mail me for any kind of queries or suggestions at - debasis
[at] hackingspirits.com or debasis_mty [at] yahoo.com


Regards,
Debasis Mohanty
www.hackingspirits.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ