Here we will focus on discussing and using the tools and applications that are widely available and free for conducting a penetration testing methodology. For testing, we use the OSSTMM (Open Source Security Testing Methodology Manual), an open-source testing manual available at http://www.isecom.org/osstmm/. Next is web application security, for which we can visit http://www.owsap.org/index.php/Main_Page, the Open Web Application Security Project (OWASP), which provides applications to help test the security of the systems you build.
Next, the site http://csrc.nist.gov/publications/PubsSPs.html publishes the latest documents of the Special Publication 800 series for the public. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. The 800 series reports on ITL's research and outreach efforts in computer security, and these publications are the product of collaborative activities among industry, government, and academic organizations. They provide much of the material we will need when applying penetration testing methodologies.
Next, we can use the Testing Framework at http://www.vulnerabilityassessment.co.uk/Penetration, a site that helps the tester work through the framework.
The standard phases commonly used by testers are:
- Planning and Reconnaissance
- Scanning and Enumeration
- Gaining Access or Penetration (gain access)
- Maintaining Access and Exploitation
- Covering Your Tracks (covering the tracks we leave behind)
For testing techniques, we can use freely available web application tools such as:
- Stand-Alone (http://whois.net, http://www.samspade.org, http://www.dnsstuff.com)
- Web-based tools
- Google Hacks
- Firefox plug-ins/extension
- Firefox as a front end
- Recommended Setup
Here are some specific online sites that can help with this technique, the online hash crackers:
http://gdataonline.com/seekhash.php
http://www.passcracking.com
http://hash.insidepro.com/
http://www.md5this.com/
http://gdataonline.com
http://us.md5.crysm.net
http://md5.rednoize.com
http://www.milw0rm.com/md5
http://shm.hard-core.pl/md5
For details, you can get the paper at http://www.scribd.com/doc/16568957/Pen-Testing-the-Web-with-Firefox
Reference: Pen Testing the Web, With Firefox, Michael Schearer
Sunday, 22 May 2011
Penetration Testing methodology