Vulnerability scanning should occur frequently, on the scale of once a month. It should consist of configuration verification and software version (including patch level) verification.
More rigorous testing for vulnerabilities should occur once or twice a year. This more rigorous testing goes by the name penetration testing, or pentesting.
During a penetration test, the tester gathers network device information and simulates a malicious attack to check for access points into servers containing sensitive data. Tools like Nmap, Nessus and Nikto are typically employed during penetration testing.
The boundaries of penetration testing must be clearly defined. What is a penetration test? Whatever the contract says it is.
Case in point: episode 229 of the PaulDotCom podcast, in which the customer acknowledges that their ID card readers have a known vulnerability and says “you can’t test that” … which evokes shameless derisive laughter. But why should it? Isn’t the customer trying to find out what they don’t know? For example, replacing an ID card reader system is an expensive process; knowing that it has a vulnerability doesn’t make a budget appear. A penetration test is what the contract says it is.
- HackingLoops is an online resource for learning ethical hacking. It covers a wide range of information security topics, including tips and password hacking, along with relevant information about the latest tools. It also provides guidelines for baseline security.
- Training videos at PentesterAcademy
- Penetration Testing Framework by Kevin Orrey
- Open Source Security Testing Methodology Manual (OSSTMM) by Pete Herzog
- The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) by Patrick Engebretson
- Penetration Tester’s Open Source Toolkit, Third Edition by Jeremy Faircloth
- Coding for Penetration Testers: Building Better Tools by Jason Andress and Ryan Linn
- Metasploit: The Penetration Tester’s Guide by David Kennedy
- BackTrack 4: Assuring Security by Penetration Testing by Shakeel Ali
- BackTrack 5 Wireless Penetration Testing Beginner’s Guide by Vivek Ramachandran (Oct 9, 2011)
- Kali Linux penetration testing distribution; replacement for BackTrack
- Recon-ng is a full-featured Web Reconnaissance framework written in Python by Tim Tomes. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!
- Wi-fEye Wireless Pentesting Tool 1.0 Beta is an automated wireless penetration testing tool written in Python; it is designed to simplify common attacks that can be performed on Wi-Fi networks so that they can be executed quickly and easily.
- Island Hopping the SpiderLabs Way
- Dradis is a self-contained web application that provides a centralized repository of security assessment information, keeping track of what information gathering has been done so far and what is still ahead.
- Penetration Testing Lab blog with links to distros, tools, exploits, other blogs
- Core Impact
- Anonymous speaks: the inside story of the HBGary hack
- SecurityOverride offers pen-testing tutorials, hacking challenges, security articles, exploits, tools and more. Its primary goal is to help develop penetration testing skills, and prevent security attacks in the future.
- PaulDotCom episode 232 with Mike Murr and Mike Murray about phishing and social engineering
- Information Gathering
- Pushpin online mapping using geolocation information from social networking sites
- Detecting ‘Auto-answer’ in Videoconferencing Equipment
- Don’t neglect Scapy for packet crafting. While you’re at it, get the Wireless Intrusion Detection Testing Tool from AlienVault. Read Assessing Outbound Traffic to Uncover Advanced Persistent Threat [pdf] for additional uses for Scapy.
- NullSecurity belongs to a group of ethical security testers who actively develop and test security controls using a variety of custom tools and techniques. The content presented on the site is only part of the toolkit and is intended to aid both new and existing security staff who need to protect assets on a day-to-day basis, by eliminating holes that “black hat” hackers could use to circumvent existing controls.
- CMSmap is a Content Management System security scanner that automates the process of detecting security flaws in the most popular CMSs (WordPress, Joomla and Drupal). The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. It is Python-based and open source.