Skip to main content

Xavier Santolaria's Library tagged pentesting   View Popular, Search in Google

Apr 11, 11

"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. "

Mar 25, 11

For those who are learning web application security testing (or just trying to stay sharp) it's often difficult to find quality websites to test one's skills. There are a few scattered around the Internet (see the link in the notes section below) but it would be nice to have a solid collection of test sites all in one place.

Mar 24, 11

When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.

Today, we want to present a tool that can be added to your reconnaissance toolkit.

Mar 09, 11

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Mar 04, 11

Welcome to the Penetration Testing Execution Standard homepage. This will be the ultimate home for the penetration testing execution standard.

Feb 09, 11

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.

Feb 02, 11

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

Jan 22, 11

While there is a ton of great data within the GSR 2011 report, for this blog post, I wanted to focus a bit of attention to the web application sections of the report.  

Jan 14, 11

Welcome to Ask A Pentester, where you can get your security questions answered by members of the IT Security community!

Jan 06, 11

"Wouldn’t it be fantastic to be invisible for a day? Walk straight into a bank vault in the morning, be a fly on the wall in the Oval Office for lunch, and spend an evening in your favorite movie star’s house. Well, now you can – with Metasploit!"

Jan 05, 11

"One of my biggest challenges in learning how to pentest was finding systems to test against. I heard that using your neighbors network is “frowned upon”, and hanging out in a Starbucks and pwning your fellow coffee drinkers on the public wifi raises the occasional eyebrow.

So what do I do? Build a test environment. "

Jan 04, 11

"We have done many List’s of before this post. To name a few – List of FREE VPN Providers!, List of Cell Phone Forensic tools! and List of TOP LiveCD’s for Penetration Testers!. But, nothing like the one we are doing today."

Jan 03, 11

"Yesterday I made a tweet stating that pen testing and pen testers are obsolete. Here's what I mean by that.

Originally, pen testing was a simulation of what real attackers would do. Then it became more about validating vuln scan/assessment results. Now its essentially about compliance check boxing. (PCI)"

Dec 28, 10

"The end result was that WAFs do have value when used properly, and may provide value beyond pure security, but aren't a panacea. Since you could say that about the value of a gerbil for defending against APT too, here's a little more detail..."

1 - 18 of 18
20 items/page

Diigo is about better ways to research, share and collaborate on information. Learn more »

Join Diigo