Network Security Library

Pen Test





Penetration Testing: The Third Party Hacker
Penetration testing is the process of probing and identifying security vulnerabilities in a network and the extent to which they might be exploited by outside parties. It is a necessary tool for determining the current security posture of an organization. A new CIO, for example, might order a penetration test to get a quick understanding, or "sketch," of potential problem areas in a local area network. Such a test should determine both the existence and extent of any risk. Target companies expect third-party vendors who perform penetration testing to be very honest with them, but this has proven not to be the case in every instance. Moreover, the risks associated with the use of third-party testing organizations are somewhat different from those associated with the usual issues of penetration of the system from outside. This presentation is intended to help management make the right choice when outsourcing penetration testing.
By Jessica Lowery, 04/18/2004


Penetration Testing - Is it right for you?
The process of performing a penetration test is to verify that new and existing applications, networks and systems are not vulnerable to a security risk that could allow unauthorized access to resources. This paper will review the steps involved in preparing for and performing a penetration test. The intended audience for this paper is project directors or managers who might be considering having a penetration test performed. The process of performing a penetration test is complex. Each company must determine if the process is appropriate for them.
By Jimmy Braden, 04/18/2004


Penetration 101 - Introduction to becoming a Penetration Tester
The purpose of this paper is to give you a brief and basic overview of what to look for when starting out in penetration testing and to build up an internal penetration test kit to aid you in performing both internal and external penetration tests on your company network. It also aims to make you aware of the problems with new network technology, like wireless networks and remote access devices, that can circumvent network perimeter security devices like firewalls and IDS, while showing you the pitfalls of security and the need to check all systems for vulnerabilities and to carry out regular patching and monitoring of all systems within your network. This paper also lists suggested well-known security penetration tools for both Linux and Windows operating systems.
By Dave Burrows, 04/18/2004


Penetration Studies - A Technical Overview
This paper takes the position of an unauthorized external user with no specific knowledge of the target network other than what is available via public information and what the malicious user can glean from the output of his tools and applications.
By Timothy Layton, 04/18/2004


An Overview of Remote Operating System Fingerprinting
Operating System (OS) fingerprinting is the science of determining the operating system of a remote computer on the Internet. This may be accomplished passively by sniffing network packets travelling between hosts, actively by sending carefully crafted packets to the target machine and analyzing the response, or through non-technical means. It is used by Security Professionals (known as “White-hats”) and Hackers (“Black-hats”) alike for mapping remote networks and determining which vulnerabilities might be present to exploit. This paper presents an overview of the various approaches to OS fingerprinting, some current tools available on the Internet together with their features, the underlying techniques they use, and suggestions for defeating these tools.
By Chris Trowbridge, 04/17/2004


Instruments of the Information Security Trade
Internet security is extremely important today; the amount lost due to intrusions and hacking incidents has increased tremendously over the years. (1) How important is security to your company? Is your company at risk? How do you really know for sure? Periodic penetration testing can help you determine whether your company has the necessary controls in place to protect your organization. These tests will show how secure or how vulnerable your company's networks are to an attack, and the results will open the eyes of management as to what could happen to the company's assets. The results of these tests alone justify the importance of security within your organization. Penetration tests will also provide results of how your systems and employees react to an attack, along with testing the current procedures that are in place.
By Mark Graff, 04/17/2004


Security Life Cycle - 1. DIY Assessment
What follows is a simplified and comprehensive way to get a quick self-assessment; this paper covers one phase of the Security Life Cycle, Assessment. Ever wondered where you stand in terms of IT security readiness? Is there a way to get a feel for the level of security with what you have without incurring additional cost on the already tight budget? What would be more saddening than to realize that your server was taken over by hackers and had partaken in a DDoS (distributed denial of service) attack on the CIA? The best course of action is prevention: performing regular vulnerability assessments/reviews and treating those problem areas. Here's one way that can provide a simple and up-to-date DIY assessment.
By Lee Wan Wai, 04/17/2004


Guidelines for Developing Penetration Rules of Behavior
Penetration testing has been well popularized by the media; many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. Several reasons are given for the popularity of penetration testing. One of these is the mystique that has been associated with the 'hacker' image. In some instances, prospective target organizations may be attracted to this type of service more from the perceived value than the actual value. After the penetration test is completed and the 'hacker' mystique dissipates, the target organization will be looking for substantive value from the penetration test, such as corrective and improvement solutions. This may include in-depth analysis of the penetration techniques with the target organization's information technology experts.
By Nancy Simpson, 04/17/2004


Sample Penetration Test Report
This paper documents a penetration test done by Imperva's Application Defense Center against Imperva's demonstration application. It provides an example of an Imperva penetration test as well as insight into application vulnerabilities found in typical enterprise Web applications.
03/31/2004


Conducting a Penetration Test on an Organization
This document is designed to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.
03/24/2004






Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
