Amateur Security Archaeologists, trying not to break things.

Tag: Web (Page 2 of 2)

Common Web App Defenses

If we step back and think about what customers are up against, it is truly staggering. Building a secure web application and network is akin to building a nuclear reactor plant. No detail is small or insignificant: one tiny failure (a crack, a weak weld, a small contamination), despite all of the good inherent in the design and implementation, can mean catastrophe. The same truth applies to web application security. Just one flaw, be it a misconfiguration or an omission somewhere in the myriad of components, can give attackers a gap through which immense damage can be inflicted. And to add insult to injury, many environments rely on these same proactive defensive measures to detect the rare events (sometimes called black swan events) that slip past them. Network and application administrators have a tough job, and a white hat's purpose is to help them and their organization do it better.


Web App Weakspots

I think, were I to be a professional, that web apps would be a significant focus. I don't have the stones to be a social engineering specialist, lack the in-depth OS knowledge to be a malware author, and I haven't done digital design since vacuum tubes were in vogue (just a slight exaggeration, but I have used those and mag amps!). Web app hacking and pen testing have a fairly low cost of entry; some of the folks I follow show hacks with nothing but a browser and their wits. Looking at all of the things that a browser can do, it is no wonder!


Setting Up a Web Pen Test Lab

Mike here. I am going to pull some tidbits from the Mastering Kali for Web Pen Test book to help get things rolling. We'll mix up the content between topics, but I wanted to give you something to chew on 😉

So you are probably asking, "When can we have some pen testing fun?" Let's just say soon. First we have to establish a safe yet representative environment that provides ripe targets for the various tests we'd like to run. We also want to be able to push the limits without impacting the performance of real production applications, their underlying systems, or the networks that support them. Variety is the spice of life, and that holds true in penetration testing as well.
