If you’re an IT auditor or security analyst and you don’t know how to ping a server, then I have some words for you:
LEARN HOW!
So let’s do it.
I’m assuming most of my readers already know how to do this. If so, please answer the poll question at the bottom. If not, please read on, then answer the poll question. Thanks!
Filed under Audit, How to..., Poll, Security, Technology
The Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.
Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.
If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject. The videos are very basic and over an hour long, and are free for the viewing.
The videos were presented by Dan Guido at Polytechnic Institute of New York University, a private technology university in Brooklyn, New York.
Filed under Free, Security, Technology
Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing. It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:
Filed under Security
A recent Lifehacker article makes life easier (and cheaper) for users and harder for companies and their IT and security pros. Top 10 Ways to Access Blocked Stuff on The Web provides tips (not all ethical) on how to go around, over, under, or through the following fences:
ITauditSecurity 