Purple Paper: Exegesis Of Virtual Hosts Hacking

[pagvac <unknown.pentester () gmail com>]

First paper written on the topic of virtual hosts hacking. It covers
basic skills such as passive discovery techniques and (almost) stealth
active discovery techniques. It also presents possible scenarios of
exploitation.

The message behind this paper is:

- do *not* host your organization's website on your corporate network
- do *not* use shared web hosting

For details on why we recommend the two previous practices we suggest
reading the paper.

Finally a survey on UK penetration testing companies is provided which
shows which companies follow the two previous principles.

Note: the intended audience is *web application penetration testers*.


--
Petko Petkov and pagvac
[www.gnucitizen.org], [www.ikwt.com]

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------