-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
The Art of Software Security Testing
Read an excerpt from the book, The Art of Software Security Testing: Identifying Software Security Flaws. In Chapter 11, "Local Fault Injection," the authors explain the proper methods for examining file formats. chapter excerpt
-
Quiz: What's your infosec IQ?
Test your information security IQ with this short quiz. Security Quiz
-
PING with Jennifer Granick
PING with Jennifer Granick from the October 2005 issue of Information Security magazine. Information Security magazine
-
Top tools for testing your online security
Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success. Security School
-
Top tools for testing your online security, part 2
Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources. Security School
-
The Controversy of Hacking Books and Classes
Read this excerpt and download Chapter 1, Ethics of Ethical Hacking from Shon Harris' Gray Hat Hacking. Book Chapter
-
Adobe makes pitch for defensive security research to cripple exploit writing
Adobe security and privacy director Brad Arkin urges the security industry to focus on the latest exploit techniques and develop mitigations that make exploit writing costly. News | 03 Feb 2012
-
Sophos software design, implementation critically flawed, says researcher
A researcher says poor Sophos software security leaves many open doors, notably cryptographic and attack-mitigation weaknesses in Sophos’ AV engine. News | 04 Aug 2011
-
Chromebook security in question due to flawed Google Chrome extensions
Cross-site scripting flaws enable security researchers to bypass Chromebook security and silently steal sensitive data by hijacking browser sessions. News | 03 Aug 2011
-
Security lab, pen testing key to proactive, creative cybersecurity
IT officers at different federal agencies recommend giving "the nerds, the geeks, and the young people" a chance to pen test systems. News | 04 May 2011
-
As cyberattacks increase, so does need for penetration testing
The rise in cyberattacks highlights the need for robust penetration testing of government networks. News | 20 Apr 2011
-
Hackers find McAfee.com website vulnerabilities
More than a dozen errors at McAfee.com and its software download site could lead to cross-site scripting or other attacks, according to the group of hackers who discovered the flaws. Article | 29 Mar 2011
-
Core Security launches CISO-level pen testing software
The new Core Insight pen testing suite can lay out the history of testing campaigns and the relative threat level of an enterprise's systems. Article | 15 Dec 2010
-
Barracuda launches bug bounty for its security products
Security vendor offers bounty for bugs found in its firewall and Web filtering appliances. News | 10 Nov 2010
-
Google extends bounty program for Web application bugs
People who report serious Web application flaws in YouTube and Blogger could receive a reward as much as $3,133.70. Article | 02 Nov 2010
-
HD Moore, Rapid 7 release Metasploit Pro
Metasploit Pro brings enhanced remote access and collaboration capabilities to the popular exploit framework. Article | 19 Oct 2010
- See More: News on Security Testing and Ethical Hacking
-
NMAP NSE tutorial: Network asset and vulnerability identification
In this screencast, expert Mike McLaughlin offers an NMAP NSE tutorial for enterprise network asset and vulnerability identification. Tip
-
How to use OWASP Broken Web Apps to prevent vulnerabilities
OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps. Tip
-
An inside look into OWASP’s Mantra tool
OWASP’s Mantra tool is being praised by security pros for its abundance of options and ease of use. In this screencast, Mike McLaughlin takes a look at what Mantra has to offer. Tip
-
WebScarab tutorial: Demonstration of WebScarab proxy functionalities
In this WebScarab tutorial video, get step-by-step advice on how to install and use this free tool, including the WebScarab proxy features, among others. Tip
-
Netcat tutorial: How to use the free Netcat command-line tool
Helpful for penetration testers and network admins who need to debug infected systems, the netcat command-line tool boasts many free features for enterprise use. Tip
-
XSSer demo: How to use open source penetration testing tools
In this video demo, learn how to use XSSer, an open source penetration testing tool for detecting various Web application flaws and exploiting cross-site scripting (XSS) vulnerabilities in applications. Tip
-
How to use NeXpose: Free enterprise vulnerability management tools
Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases. Tip
-
Netsparker: Free Web app security testing tool
Testing Web applications is critical for maintaining a secure enterprise network. Learn how to use the community version of Netsparker for free Web app security testing capabilities. Tip
-
Detect rootkit alternate data streams (ADS) with StreamArmor
In this month's screencast, Peter Giannoulis of TheAcademyPro.com explains how to use StreamArmor, a new tool that can detect alternate data streams that may be hiding rootkit data. Tip
-
How to use hping to craft packets
A packet crafting tool that's been around for a long time, hping can be used to test if ports are open, as well as for firewall testing. Learn how to use hping in this tutorial. Tip
- See More: Tips on Security Testing and Ethical Hacking
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised. Answer
-
Securing applications with a network pen test
Network penetration testing can help protect applications by uncovering weaknesses that provide an alternate route to sensitive data. Answer
-
Software testing methodologies: Dynamic versus static application security testing
Learn about two software security testing methodologies – dynamic and static testing – in this expert response by Michael Cobb. Answer
-
Can threat modeling tools help with securing mobile applications?
When developing enterprise applications, do you know the quickest way to bridge the gap between an information security team and a development group? Answer
-
Using virtual test labs for virtual software testing
Virtualization can reduce your investment in hardware, space and general overhead, and virtual test labs are one way to do it. Expert Michael Cobb explains virtual software testing and how it can benefit your enterprise. Answer
-
Seeking an ethical hacking career: How to learn ethical hacking
In this expert response, Nick Lewis explains what an ethical hacker is and what skills such a hacker needs to be successful and compliant with the law. Ask the Expert
-
Static source code analysis tools: Pros and cons
Static source code analysis tools can greatly improve application security, but it takes knowledge and expertise to use them correctly. Expert Michael Cobb explains why. Ask the Expert
-
Penetration test methodology: Creating a network pen testing agreement
Network pen testing can be very useful when it comes to detecting vulnerabilities, but it's important to work with the IT department to prevent network downtime. In this expert response, learn how to draw up pen testing rules of engagement for greate... Ask the Expert
-
Using fuzzing for internal application security testing
Superstar security researchers often use fuzzing to find flaws in major vendors' applications, and you can use fuzzers to find vulnerabilities during internal software development. Expert Michael Cobb explains how. Ask the Expert
-
Test a security architecture design without an IT security consultancy
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it without spending the money. Ask the Expert
- See More: Expert Advice on Security Testing and Ethical Hacking
-
MIEL e-Security
MIEL e-Security is a Mumbai-based organization that provides information security services and solutions to organizations worldwide. Definition
-
Cyber Storm
Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether the country could withstand a real attack of similar magnitude... Word
-
honeynet
Word
-
ethical hacker
Word
-
ethical worm
Word
-
gray hat (or grey hat)
Word
-
honey pot (honeypot)
Word
-
white hat
Word
-
war dialer
Word
-
Jose Granado on the benefits of penetration testing, ‘human hacking’
Ernst & Young’s Jose Granado discusses the benefits of penetration testing and the importance of including “human hacking” as well. Video
-
Dan Guido on teaching penetration testing courses; intrusion analysis
The iSec Partners consultant talks about his penetration testing courses at NYU, his research on intrusion analysis and rethinking intrusion defense. Video
-
Adobe: Bug reporting and the sandbox
Brad Arkin talks about Adobe's policy on "bug bounties" and why it's decided to play in a "sandbox." Video
-
Metasploit and software vulnerability testing
Metasploit is a free tool that can be used to pen test for new and potentially damaging vulnerabilities. In this interview, H.D. Moore, creator of Metasploit, explains how the tool works and what it can contribute to software security. Video
-
How to perform Microsoft Baseline Security Analyzer (MBSA) scans
This month, Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com offers an overview of the free Microsoft Baseline Security Analyzer. Video
-
L0phtCrack returns
Security expert Chris Wysopal explains why the L0phtCrack password cracking tool was unveiled once again after Symantec discontinued sales of L0phtCrack in 2006. Video
About Security Testing and Ethical Hacking
In this security testing and ethical hacking guide, you will find information on assessing the security of your network with penetration testing and ethical hacking tools and software, as well as ethical hacker training and certifications.