Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Article: "Security Testing Demystified"
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Thu, 19 Jan 2006 02:07:33 +0530

Hello List Members, 

This is an announcement for the release of the article called "Security
Testing Demystified". This article has been written in very simple language
which can be understood not only by security testers but also can be read &
understood by non-technical managers as well. 

Just to summarise, this article doesn't talk anything specific about a
particular type of attack rather demonstrate a holistic approach for
security testing.  At a broader level it covers the following areas - 

-       Anatomy of Security Testing
o       Understanding the product and its architecture
o       Identifying possible attack vectors
o       Preparation of test cases
o       Vulnerability Research & Discovery
o       Exploitation of vulnerabilities found
o       Compilation of final security testing report
o       Final discussions of bug findings and fixes

-       Briefs about various mistakes and assumptions made by programmers
o       Talks about why HTTP-REFERRER is a bad thing to rely on
o       How important it is to validate all client side info sent to the
server?
o       [. . .]

-       How to identify potential attack vectors?
-       How wild and evil imaginations are important attributes for a
security tester?
-       Anatomy of a Security Testing Report
-       Why a final live hack demo is a good thing to do?

I started writing this article in the month of march, 2005 however, due to
time constraints I got almost delayed by 10 months. This article can be
downloaded from - 
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp


Feel free to mail me for any kind of queries or suggestions at - debasis
[at] hackingspirits.com or debasis_mty [at] yahoo.com


Regards,
Debasis Mohanty
www.hackingspirits.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Article: "Security Testing Demystified" Debasis Mohanty (Jan 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]