Penetration Testing: Article Announcement - Demystifying Penetration Testing

["Debasis Mohanty" <mail () hackingspirits com>]

Hi All, 

I published a paper on Penetration Testing on 26th Oct and was posted in
Full-Disclosure and this mailing list as well but somehow this post bounces
back from this list. I am much late in re-posting it here but it is better
be late than never ;)

Many thanks to Pete Herzog (Managing Director - ISECOME, isecom.org) for his
compliments on this paper and encouragement to write more such paper in
future. Thanks to others who has read and appreciated.  

This presentation is targeted for all security practitioners (i.e. Security
Officers / Sys Admins / Security Auditors / Security Enthusiasts.etc). This
presentation will give a clear picture on how pen testing is done and what
are the expected results. Various screenshots are provided as a proof of
concepts to give a brief picture of possible end-results. 

 
The goals of this presentation / paper are as follows: 

> An overview of how Vulnerability Assessment (VA) & Penetration Testing
(PT) is done 
> Defining scope of the assessment 
> Types of Penetration Testing 
> A brief understanding on how Buffer Overflow works 
> How vulnerabilities are scanned and exploited 
> What are the end results 
> What a Penetration Testing Report should contain 
 
It can be downloaded from the following links: 

HackingSpirits:
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp

Infosec Writers: http://infosecwriters.com/texts.php?op=display&id=239

AstalaVista:      http://www.astalavista.com/?section=dir&cmd=file&id=3105
 

Thanks & Regds, 
Debasis Mohanty
www.hackingspirits.com