Building a Security Tool Chest - Part 3 - Web App Testing Tools

Thursday, December 04, 2008 10:22:40 PM UTC
by Brennen Reynolds
Web application testing tools are a dime a dozen these days. This post is a short list and description of the tools my colleagues and I use during our web app testing engagements. There are many more tools, both freeware and commercial, that can be used to assist in testing.

Building a Security Tool Chest - Part 2 - Recon Tools

Monday, November 03, 2008 6:27:50 AM UTC
by Brennen Reynolds
This article is going to cover the first phase of an assessment: information gathering and reconnaissance. I have put together a list of the top 10 most useful utilities and websites I use on a daily basis for security-related assessments.

Building a Security Tool Chest – Part 1 – The Foundation

Friday, October 10, 2008 2:50:18 PM UTC
by Brennen Reynolds
With the seemingly endless number of security products, utilities and information sites available today, the thought of putting together a set of tools to perform routine security tasks might seem daunting. It can be, but it doesn’t have to be. Over the next few entries I am going to walk through how someone would put together a security tool chest that can be used for almost all day-to-day security needs.

As Grep as it Gets?

Tuesday, October 02, 2007 3:14:30 PM UTC
by Jason Pittman
When faced with sizing for some flavor of scope of work, what might be a quick and easy way to get an accurate count? Here’s a quick and dirty way to get some empirical answers from a Windows computer without being intrusive and without using any non-native utilities.

Network Scanning with NMAP

Sunday, July 15, 2007 3:12:23 PM UTC
by Jason Pieters
A brief look at nmap and how to get the most out of it.

Strings for You and Me

Friday, June 15, 2007 2:55:06 PM UTC
by Jason Pittman
Ever get to an authentication challenge in a client application and have that feeling of being rooted? I know I have on several occasions. Here is an example of how I might try to bypass the authentication challenge.

Anonymous Zone Transfers

Tuesday, May 15, 2007 12:24:31 AM UTC
by Ray Zadjmool
Unknowingly allowing Anonymous Zone Transfers can increase your risk profile immensely. How to test for anonymous zone transfer using nslookup: