Advertise Search Free Magazines Newest Links Categories Register Login

Application Security Architecture Authentication Certifications Corporate Compliance Cryptology Disaster Recovery Enterprise Security Exploits Firewalls Incident Handling Intrusion Detection Link Directory OS Security Podcasts Policies and Procedures Security Basics Security Management Security Tools Servers Standards Techie Humor Video VoIP Vulnerability Management Web Security WIFI Security Worms and Viruses Definition of Pen Test What is a Pen Test? A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Most Popular Sponsor Backup & Recovery - Top 10 Reasons to Upgrade

Pen Test Penetration Testing - Is it right for you? The process of performing a penetration test is to verify that new and existing applications, networks and systems are not vulnerable to a security risk that could allow unauthorized access to resources. This paper will review the steps involved in preparing for and performing a penetration test. The intended audience for this paper is project directors or managers who might be considering having a penetration test performed. The process of performing a penetration test is complex. Each company must determine if the process is appropriate for them. Read the Article Penetration Testing: The Third Party Hacker Penetration testing is the process of probing and identifying security vulnerabilities in a network and the extent to which they might be exploited by outside parties. It is a necessary tool for determining the current security posture of an organization. A new CIO, for example, might order a penetration test to get a quick understanding, or "sketch," of potential problem areas in a local area network. Such a test should determine both the existence and extent of any risk. Target Companies expect third party vendors who perform penetration testing to be very honest with them, but this has proven not to be the case in every instance. Moreover, the risks associated with use of third-party testing organizations are somewhat different from those associated with the usual issues of penetration of the system from outside. This presentation is intended to help management make the right choice when outsourcing penetration testing. Read the Article Blind Buffer Overflows In ISAPI Extensions In this paper we will use different ISAPI extension on a Microsoft Windows 2000, Internet Information Server (IIS) 5.0 web server. A number of different ISAPI extensions were created, each with a different type of stack-based overflow vulnerability to act as demonstrative proprietary applications as seen in the wild. The following examples are overflows using strcpy(), sprintf(), and strcat(). A second set of extensions had also been built with the Microsoft Visual Studio .NET stack protection enabled (/GS option) [ref 2]. The author will demonstrate how to bypass these protection mechanisms and execute arbitrary code completely blind. Read the Article Penetration Testing IPsec VPNs This article discusses a methodology to assess the security posture of an organization's Ipsec based VPN architecture. The first part of the article looks at the components of IPSec based VPNs, which use client software to connect to the VPN server as opposed to SSL based VPNs, which only use a browser. The second step describes a penetration test of the VPN setup, and then finally a review of the architecture and system configuration is suggested. Read the Article Page: 1 2 3 Members currently browsing this category:

Copyright 2008 AttackPrevention