[Full-disclosure] Article: "Security Testing Demystified"
mail at hackingspirits.com
Wed Jan 18 20:37:33 GMT 2006
Hello List Members,
This is an announcement for the release of the article called "Security
Testing Demystified". This article has been written in very simple language
which can be understood not only by security testers but also can be read &
understood by non-technical managers as well.
Just to summarise, this article doesn't talk anything specific about a
particular type of attack rather demonstrate a holistic approach for
security testing. At a broader level it covers the following areas -
- Anatomy of Security Testing
o Understanding the product and its architecture
o Identifying possible attack vectors
o Preparation of test cases
o Vulnerability Research & Discovery
o Exploitation of vulnerabilities found
o Compilation of final security testing report
o Final discussions of bug findings and fixes
- Briefs about various mistakes and assumptions made by programmers
o Talks about why HTTP-REFERRER is a bad thing to rely on
o How important it is to validate all client side info sent to the
o [. . .]
- How to identify potential attack vectors?
- How wild and evil imaginations are important attributes for a
- Anatomy of a Security Testing Report
- Why a final live hack demo is a good thing to do?
I started writing this article in the month of march, 2005 however, due to
time constraints I got almost delayed by 10 months. This article can be
downloaded from -
Feel free to mail me for any kind of queries or suggestions at - debasis
[at] hackingspirits.com or debasis_mty [at] yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.