Xavier Santolaria's Library tagged pentesting →  View Popular, Search in Google

"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. "

sqlmap security infosec pentesting tools

For those who are learning web application security testing (or just trying to stay sharp) it's often difficult to find quality websites to test one's skills. There are a few scattered around the Internet (see the link in the notes section below) but it would be nice to have a solid collection of test sites all in one place.

pentesting security

When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.

Today, we want to present a tool that can be added to your reconnaissance toolkit.

infosec security pentesting software

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

pentesting security owasp infosec web webapps software

Welcome to the Penetration Testing Execution Standard homepage. This will be the ultimate home for the penetration testing execution standard.

security infosec pentesting

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.

pentesting python security infosec software

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

w3af webapps framework pentesting security infosec

While there is a ton of great data within the GSR 2011 report, for this blog post, I wanted to focus a bit of attention to the web application sections of the report.  

infosec security web webapps pentesting report

Welcome to Ask A Pentester, where you can get your security questions answered by members of the IT Security community!

infosec security pentesting

"Wouldn’t it be fantastic to be invisible for a day? Walk straight into a bank vault in the morning, be a fly on the wall in the Oval Office for lunch, and spend an evening in your favorite movie star’s house. Well, now you can – with Metasploit!"

metasploit security pentesting antivirus

"One of my biggest challenges in learning how to pentest was finding systems to test against. I heard that using your neighbors network is “frowned upon”, and hanging out in a Starbucks and pwning your fellow coffee drinkers on the public wifi raises the occasional eyebrow.

So what do I do? Build a test environment. "

rapid7 pentesting security

"We have done many List’s of before this post. To name a few – List of FREE VPN Providers!, List of Cell Phone Forensic tools! and List of TOP LiveCD’s for Penetration Testers!. But, nothing like the one we are doing today."

security infosec pentesting hardware

"Yesterday I made a tweet stating that pen testing and pen testers are obsolete. Here's what I mean by that.

Originally, pen testing was a simulation of what real attackers would do. Then it became more about validating vuln scan/assessment results. Now its essentially about compliance check boxing. (PCI)"

security pentesting infosec

"The end result was that WAFs do have value when used properly, and may provide value beyond pure security, but aren't a panacea. Since you could say that about the value of a gerbil for defending against APT too, here's a little more detail..."

security webapps waf firewall pentesting

Python Programming Pentesting Security

Security Hacking Pentesting

Security Pentesting Framework

Security Pentesting Framework