Table of Content:
* Pen Testing: Why We Do It
We’re penetration testers. What do we do? Why do we do it? What does it say about us?
* Fixing the Industry
IFTACH IAN AMIT, CHRIS NICKERSON
Penetration testing has been a skill (some say an art) for as long as we can remember information security and the computer industry.
* Building a Better Penetration Test Report
Do you build reports for your penetration tests? Want to make them more useful and more readable?
* How Fuzzy Are You Today? A Guide to Client-Side Fuzzing Using Peach
What do you do if your targets are fully patched and you do not find any configuration issues during a penetration test?
* Dueling Apache Tomcat
Setting up a JSP-enabled web server is cumbersome and complex.
* Heuristic Methods vs. Automated Scanners Which is the most efficient? Humans? Machines? Or the two in tandem?
As most penetration testers know, a manual check of a Web Application can be much more thorough than a completely automated one.
* Operationalizing Penetration Testing Results Using Network Monitoring Software – All For Free
We will model the results of a penetration test using network and application monitoring tools.
* Pulling Shellcode From Network Stream
SALAHUDIN WAN KHAIRUZZAMAN
In computer security terms, a shellcode is used as a payload in exploiting software vulnerabilities.
* Interview with Gary McGraw, Ph.D. CTO Cigital
Gary McGraw from Cigital about his views on software security and the Building Security In Maturity Model.
http://pentestmag.com/fixing-the-indust ... -standard/