If you’re an IT auditor or security analyst and you don’t know how to ping a server, then I have some words for you:
So let’s do it.
I’m assuming most of my readers already know how to do this. If so, please answer the poll question at the bottom. If not, please read on, then answer the poll question. Thanks!
The Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.
Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.
Filed under Free, Security
If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject. The videos are very basic and over an hour long, and are free for the viewing.
The videos were presented by Dan Guido at Polytechnic Institute of New York University, a private technology university in Brooklyn, New York.
Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing. It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:
- “Deficiencies, even in our security technologies, are an unfortunate fact of life,” says Shipley.
A recent Lifehacker article makes life easier (and cheaper) for users and harder for companies and their IT and security pros. Top 10 Ways to Access Blocked Stuff on The Web provides tips (not all ethical) on how to go around, over, under, or through the following fences:
Filed under Security, Top 10