From the category archives:

Penetration Testing

Challenges in automated testing of session management

As we all know, web application scanners are meant to assist a user in identifying the vulnerabilities in a web application. The user/ audience for this tool can be penetration testers, developers or auditors. The true potential of any tool can be extracted only by a user who understands the domain and the tool he [...]

Read the full article →

The Definitive Guide to Penetration Testing Reports

Penetration testing is not going to be worth anything if there are no reports to detail what has been done and what needs to be corrected. It is the Penetration Test report that tells IT managers and other company stakeholders just how good or bad your network, web applications and Internet security performs are. But how [...]

Read the full article →

Meet hacker’s best friends: AntiVirus and Firewalls

Mr. John (name changed) is the senior security manager of one of the large organization in the world. Mr. John enforces best of the security policy to protect his organization from latest threats and risks. He has deployed best of the anti-virus on all the desktops and servers. He keeps all the anti-virus signature updated [...]

Read the full article →

How Search Engine Security Testing can improve Website Ranking

You may be wondering what Website Ranking Improvement has to do with Search Engine Security Testing. Few years back I also wondered the same before I came across one smart SEO guy. Combined with his insights in SEO and my background in security testing, I’m convinced that all search engine marketeers should now consider adopting [...]

Read the full article →

Quick Way of Fuzz Testing Unknown Protocols with Wireplay

The research team at iViZ have been working on a simple yet powerful idea for rapid fuzz testing of Network Applications. Theoretically fuzzing involves supplying in-valid or semi-invalid input set to the target application and monitoring for possible faults. This is highly useful for finding out newer vulnerabilities in applications. However , the security researchers [...]

Read the full article →

3 Reasons why Automated Vulnerability Scanning does not work

One of the things that IT managers and network security specialists learn early on is that vulnerability scanning with free or open source tools do not work or are generally not enough when it comes to protecting your computer network and identifying its vulnerabilities. Most network managers are lulled into a false sense of security [...]

Read the full article →

How much secure your VPN really is?

Late at night one Friday, I got a phone call from a long time buddy who worked for a big countrywide construction company in the role of a chief engineer. Calls from him were predictable while his workstation was giving him a hard time or else a weekend expedition was being considered . However, this [...]

Read the full article →

14 Live CDs for Penetration Testing (Pen Test) and Forensic

Yesterday I was researching for some of the other lesser known live CDs for penetration testing. While I’m an avid user and a fan of backtrack, someone mentioned that there are other live CDs as well which are good for specific functionality. I did take a look from the post at darknet but I feel [...]

Read the full article →

How to choose Penetration Testing companies?

A common question is: Why should get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by companies (read outsiders) with no bias and partiality to anyone or anything within your [...]

Read the full article →

What is the difference between Vulnerability Assessment and Penetration Testing?

Lot of time we have seen customer asking about the difference between network Vulnerability assessment and penetration test. So here is quick difference between the two types of testing: Vulnerability Analysis is the process of identifying vulnerabilities on a network, whereas a Penetration Testing is focused on actually gaining unauthorized access to the tested systems [...]

Read the full article →