Archive for category penetration testing

Testing Flash Applications

SaaS Penetration Testing is a model I can’t get behind, but that doesn’t mean that the people behind the product don’t have good ideas. A few days ago this company provided a pretty decent guideline article on testing Flash applications called A Lazy Pen Tester’s Guide to Testing Flash Applications.

It outlines the general categories of vulns we should be looking for in Flash apps:

* Cross Site Scripting
* Malicious Data Injection
* Insufficient Authorization Restrictions
* Secure Transmission
* SWF Information Leak
* Minimum Stage Size for Anti-ClickJacking
* SWF Control Permission
* Untrusted SWF in Same Domain
* Clickjacking
* Privilege Separation
* Cross Domain Policy Audit
* Uninitialized Variable Scanning
* Remote Method Enumeration
* Business Logic Testing

I like it. Check it out.


Review: Secrets of Network Cartography: A Comprehensive Guide to Nmap

Also featured on Ethicalhacker.net:

Nmap is indispensable.

OK, that was obvious. There is no doubt that Fyodor and contributors have made the de-facto standard of network scanners, but when it comes down to learning the ins and outs and the power of Nmap, where should you put your hard earned cash?

Let’s neglect the support documentation (man pages) for a second, and assume you don’t really use Nmap on a day-to-day basis. Why? Over at http://www.professormesser.com/, James “Professor” Messer has put together a 232-page eBook proving that one doesn’t have to be a networking guru to learn how to use Nmap effectively in your organization.

But what about the $197 video companion to this $47 book? How does it stack up against Fyodor’s own book on Nmap (See EH-Net Review by JP Bourget)?

Stick around my friends as the answers you seek are only minutes away, click here for the full review!


Welcome

Welcome to Security Aegis

Se·cu·ri·ty –noun

1. freedom from danger, risk, etc.; safety.
2. freedom from care, anxiety, or doubt; well-founded confidence.
3. something that secures or makes safe; protection; defense.

Ae·gis –noun

1. Classical Mythology. the shield or breastplate of Zeus or Athena, bearing at its center the head of the Gorgon.
2. Protection; support: under the imperial aegis.
3. Guidance, direction, or control.

Enjoy.
