penetration testing

  • Review

    Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, No Starch Press, 2014

    Posted June 22, 2014 - 4:47 pm

    Most everything you need to know to get started as a penetration tester in less than 500 pages? This book provides a very practical hands-on introduction to the art of hacking. But you will need to sit yourself down and let your fingers get a lot of exercise before you put yourself on the market as a pro.
  • BOOK GIVEAWAY: Penetration Testing: A Hands-On Introduction to Hacking

    Posted April 30, 2014 - 4:11 pm

    Five will win. Enter the drawing today!
  • Hackers, security pros talk penetration testing, social engineering

    Posted October 24, 2012 - 9:39 pm

    We go undercover (sort of) at GrrCon, the Midwest's premier conference on penetration testing and software security, to learn about cloud security, hacking, lock picking and more.
  • To retrieve stolen data: Have it phone home to tell you where it is.

    Posted August 18, 2011 - 5:07 pm

    If banks can put dye packs and broadcasting GPS units that signal cops where stolen moneybags are being taken, why can't you do that for data? Honeypot technology shows you how, but existing honeytokens have to be better at sending calls for help.
  • North Korea steps forward as new cyberwar villain

    Posted July 6, 2011 - 4:14 pm

    McAfee investigation concludes overly sophisticated DDOS attacks against South Korea in March were tests of the readiness of the South and the U.S. for mixed online/offline assaults.
  • Penetration tests: 10 tips for a successful program

    Posted November 15, 2010 - 6:05 pm

    Why are you performing penetration tests? Whether you're using an internal team, outside experts or a combination of the two, are you simply satisfying regulatory or audit requirements, or do you actually expect to improve enterprise security?
  • Google’s bug bounty program: Barbarians at the gate

    Posted November 3, 2010 - 3:51 pm

    Google is offering hackers the chance to win a cash bounty if they can find vulnerabilities in the search giant's top Web applications such as YouTube, Blogger, Gmail and Successful Google invaders can be awarded up to $3,133.70 for their hack as well as get their name added to a Google credit Web page.
  • Two-Thirds of Big Companies Suffer Successful Hacks This Year

    Posted October 12, 2010 - 11:41 am

    Big companies report increase in successful attacks, while flaws in existing systems and the complexity of new ones introduce more places security could be weak.
  • Security Testing: It Is About Coverage

    Posted February 1, 2010 - 7:19 pm

    It is easy to do penetration testing. My two-year-old daughter can do it (well, at least she broke through a screen-lock). But doing it well is the challenge. That is what coverage is about. Security test coverage, like any test coverage, is measuring how much of all the possible sensible options you cover with your testing. Let's dig into this topic a bit more, and perhaps next time someone comes offering you pentesting services, you will have a few new questions to ask the auditors.
  • Why Pen Testing Is Central to State's App Security

    Posted September 23, 2009 - 8:35 pm

    Fortify Co-Founder and Chief Scientist Brian Chess made a stir last year when he predicted -- incorrectly, so far -- that penetration testing would be a dead art in 2009. Among those who shrugged off the suggestion was Robert Maley, CISO for the Commonwealth of Pennsylvania.
  • 3 Ways Penetration Testing Helps DLP (and 2 Ways It Doesn't)

    Posted April 6, 2009 - 9:35 am

    Penetration testing's future has been caught in heated debate recently, sparked by Fortify Co-Founder and Chief Scientist Brian Chess' prediction that the practice would die off this year. Many IT security practitioners rose to pen testing's defense, calling it an indispensable tool for uncovering data breach attempts from inside and outside the organization. The truth is somewhere in the middle.
  • Fuzzing and Product Security

    Posted March 18, 2009 - 4:40 am

    Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding use of fuzzing in the questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar.
  • Penetration Testing: Dead in 2009

    Posted December 16, 2008 - 3:05 pm

    Penetration testing: Security experts mention it all the time as one of the essential tools of defense-in-depth. Companies have raked in the dough selling the service and the tools for years. But is it possible that penetration testing -- the art of probing company networks in search of exploitable security holes that can then be fixed -- is an idea whose time is about to expire?