InfoSec Institute Resources

IT Security Training & Resources by InfoSec Institute
Updated: 1 min 43 sec ago

Pentesting for PCI DSS Compliance: 6 Key Requirements

12 April, 2018 - 15:00

For any organization that processes, stores or transmits credit card data, penetration testing has been an obligation since 2013. That’s when the compliance requirements put together by the Payment Card Industry Security Standards Council (PCI SSC) were updated to reflect the growing threat adversaries pose to the credibility of the credit card industry. The changes […]

The post Pentesting for PCI DSS Compliance: 6 Key Requirements appeared first on InfoSec Resources.

Pentesting for PCI DSS Compliance: 6 Key Requirements was first posted on April 12, 2018 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

9 Free Risk Management Tools for IT & Security Pros

12 April, 2018 - 15:00

Selecting and following the appropriate risk assessment methodology is key to creating a safe computing environment. However, the reality is that assessing risk and recognizing the rate of return is a time-consuming task to accomplish. Thus, it often does not become a priority for many businesses and corporations. Determining risk can be a complicated task […]

The post 9 Free Risk Management Tools for IT & Security Pros appeared first on InfoSec Resources.

9 Free Risk Management Tools for IT & Security Pros was first posted on April 12, 2018 at 8:00 am.
Category: Hacking & Security

2017 OWASP A3 Update: Sensitive Data Exposure

12 April, 2018 - 14:39

Introduction Si vis pacem, para bellum! This classic Latin quote by Vegetius translates to “If you want peace, prepare for war.” As far as aphorisms go, this is probably one of the best known amongst military strategists, and, even after a couple of millennia, it’s a perfect fit for the war against cybercrime. There […]

The post 2017 OWASP A3 Update: Sensitive Data Exposure appeared first on InfoSec Resources.

2017 OWASP A3 Update: Sensitive Data Exposure was first posted on April 12, 2018 at 7:39 am.
Category: Hacking & Security

Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali

12 April, 2018 - 01:14

In this article, we will focus on Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali for reverse engineering Android APK files. Introduction Dex2Jar Dex2Jar is a freely available tool to work with Android “.dex” and Java “.class” files. As you may be aware, “.dex” files are compiled Android application […]

The post Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali appeared first on InfoSec Resources.

Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali was first posted on April 11, 2018 at 6:14 pm.
Category: Hacking & Security

2017 OWASP A2 Update: Broken Authentication

11 April, 2018 - 14:33

Introduction Broken authentication is a significant security issue and should be fixed as soon as possible. Despite being widely documented for years, it still holds the second position in OWASP’s 2017 list of the top 10 most critical web application security risks. The OWASP (Open Web Application Security Project) is an open community dedicated to […]

The post 2017 OWASP A2 Update: Broken Authentication appeared first on InfoSec Resources.

2017 OWASP A2 Update: Broken Authentication was first posted on April 11, 2018 at 7:33 am.
Category: Hacking & Security

Android Penetration Tools Walkthrough Series: Apktool

11 April, 2018 - 12:14

In this article, we will look at the step-by-step procedure to set up a utility called “Apktool” and its usage in Android application penetration testing. Introduction Apktool is a utility that can be used for reverse engineering Android application resources (APK). With the help of Apktool, we can decode APK resources to almost original form; […]

The post Android Penetration Tools Walkthrough Series: Apktool appeared first on InfoSec Resources.

Android Penetration Tools Walkthrough Series: Apktool was first posted on April 11, 2018 at 5:14 am.
Category: Hacking & Security

Preventing Business Email Compromise (BEC) With Strong Security Policies

10 April, 2018 - 22:27

Introduction Business email compromise (BEC) is a phishing and social engineering scam threatening every organization in every sector on every continent. Even if you have some anti-phishing policies in place, you may not be protected from this growing threat. In this article, we will break down the BEC threat and explain how ineffective security policies […]

The post Preventing Business Email Compromise (BEC) With Strong Security Policies appeared first on InfoSec Resources.

Preventing Business Email Compromise (BEC) With Strong Security Policies was first posted on April 10, 2018 at 3:27 pm.
Category: Hacking & Security

2017 OWASP A10 Update: Insufficient Logging & Monitoring

10 April, 2018 - 18:58

Introduction Many critics of the Open Web Application Security Project (OWASP) Top Ten list view insufficient logging and monitoring, new on the list in 2017, as more of a best practice guide for defending a web application than an actual vulnerability. The argument goes that logging and monitoring are basic pillars of a modern secure system. […]

The post 2017 OWASP A10 Update: Insufficient Logging & Monitoring appeared first on InfoSec Resources.

2017 OWASP A10 Update: Insufficient Logging & Monitoring was first posted on April 10, 2018 at 11:58 am.
Category: Hacking & Security

Introduction to the Mobile Application Penetration Testing Methodology

10 April, 2018 - 18:38

Introduction The Mobile Application Penetration Testing Methodology (MAPTM), as described by author Vijay Kumar Velu in his ebook, is the procedure that should be followed while conducting mobile application penetration testing. It is based on application security methodology and shifts the focus of traditional application security, which considers the primary threat as originating from the […]

The post Introduction to the Mobile Application Penetration Testing Methodology appeared first on InfoSec Resources.

Introduction to the Mobile Application Penetration Testing Methodology was first posted on April 10, 2018 at 11:38 am.
Category: Hacking & Security

CASP Domain 5: Technical Integration of Enterprise Components

9 April, 2018 - 23:35

Introduction Technical integration of enterprise components falls under the fifth and final domain of the CompTIA advanced security practitioner (CASP) exam, CAS-002, and constitutes 16% of the overall percentage of the exam. As a CASP, you must be able to undertake the responsibility of integrating enterprise components securely. Doing so requires you to understand the […]

The post CASP Domain 5: Technical Integration of Enterprise Components appeared first on InfoSec Resources.

CASP Domain 5: Technical Integration of Enterprise Components was first posted on April 9, 2018 at 4:35 pm.
Category: Hacking & Security

XML Vulnerabilities Are Still Attractive Targets for Attackers

9 April, 2018 - 22:58

Introduction XML is widely used in software systems for persistent data, exchanging data between a web service and client, and in configuration files. A misconfigured XML parser can leave a critical flaw in an application. Processing of untrusted […]

The post XML Vulnerabilities Are Still Attractive Targets for Attackers appeared first on InfoSec Resources.

XML Vulnerabilities Are Still Attractive Targets for Attackers was first posted on April 9, 2018 at 3:58 pm.
Category: Hacking & Security

Introduction to the Paros Proxy Lightweight Web Application Tool

9 April, 2018 - 21:50

Introduction The Paros Proxy Lightweight Web Application tool is one of the most popular penetration testing tools for web applications. Web app developers and security experts use it to test their web applications for security vulnerabilities. Paros is built on Java, meaning it can run on multiple operating systems. In this article, we shall take […]

The post Introduction to the Paros Proxy Lightweight Web Application Tool appeared first on InfoSec Resources.

Introduction to the Paros Proxy Lightweight Web Application Tool was first posted on April 9, 2018 at 2:50 pm.
Category: Hacking & Security

Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II

9 April, 2018 - 21:27

In the previous article “Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I,” we discussed the advanced threat and common strategies that security professionals practice during targeted attacks in a Windows infrastructure, using legitimate binaries. We also learned about the techniques to identify spawned processes with the help of the Windows […]

The post Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II appeared first on InfoSec Resources.

Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II was first posted on April 9, 2018 at 2:27 pm.
Category: Hacking & Security

Android Penetration Tools Walkthrough Series: MobSF

9 April, 2018 - 21:02

Introduction This article reviews the step by step procedures for deploying a Pen Testing tool called “MobSF,” which is utilized primarily on the Android OS. MobSF is an open source and intelligent tool that can be used to perform both static and dynamic analyses on Android and iOS platforms. It can also assist with Web […]

The post Android Penetration Tools Walkthrough Series: MobSF appeared first on InfoSec Resources.

Android Penetration Tools Walkthrough Series: MobSF was first posted on April 9, 2018 at 2:02 pm.
Category: Hacking & Security

Hashcat Tutorial for Beginners

9 April, 2018 - 20:25

Introduction Hashcat is a well-known password cracker. It is designed to break even the most complex passwords. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility and speed. Password representations are primarily associated with hash keys, such as MD5, SHA, WHIRLPOOL, RipeMD, etc. They are also defined […]

The post Hashcat Tutorial for Beginners appeared first on InfoSec Resources.

Hashcat Tutorial for Beginners was first posted on April 9, 2018 at 1:25 pm.
Category: Hacking & Security

All You Need to Know About the Cambridge Analytica Privacy Scandal

9 April, 2018 - 19:47

Introduction The commercial data analytics company Cambridge Analytica is in the middle of one of the biggest privacy scandals of recent years; the firm has used data harvested by Facebook to target US voters in the 2016 Presidential election. The data were collected by a group of academics that then shared it with the […]

The post All You Need to Know About the Cambridge Analytica Privacy Scandal appeared first on InfoSec Resources.

All You Need to Know About the Cambridge Analytica Privacy Scandal was first posted on April 9, 2018 at 12:47 pm.
Category: Hacking & Security

2017 OWASP A9 Update: Using Components With Known Vulnerabilities

9 April, 2018 - 19:35

Introduction It does not take a rocket scientist to understand that using components with known vulnerabilities is a very poor choice. While solving this issue may sound straightforward, i.e., using components with NO known vulnerabilities, it still is quite a challenge. As of 2017, it remains a serious issue that, if overlooked, may severely impact your […]

The post 2017 OWASP A9 Update: Using Components With Known Vulnerabilities appeared first on InfoSec Resources.

2017 OWASP A9 Update: Using Components With Known Vulnerabilities was first posted on April 9, 2018 at 12:35 pm.
Category: Hacking & Security

Combat Business Email Compromise Scams With New Awareness Training Tools From SecurityIQ

6 April, 2018 - 17:25

Business email compromise (BEC) attacks are growing in both frequency and severity. According to the FBI, BEC attacks cost businesses $5.3 billion from 2013 to 2016 — a figure Trend Micro predicts will grow to $9 billion by the end of 2018. BEC attacks are one of the most costly security threats facing your organization […]

The post Combat Business Email Compromise Scams With New Awareness Training Tools From SecurityIQ appeared first on InfoSec Resources.

Combat Business Email Compromise Scams With New Awareness Training Tools From SecurityIQ was first posted on April 6, 2018 at 10:25 am.
Category: Hacking & Security

2017 OWASP A6 Update: Security Misconfiguration

6 April, 2018 - 14:48

The Open Web Application Security Project (OWASP) is a volunteer group whose goal is to build a more robust Internet. One of their flagship publications is the Ten Most Critical Web Application Security Risks list, which was reviewed and republished last year. The 2017 list is the first major update since 2013; it went through […]

The post 2017 OWASP A6 Update: Security Misconfiguration appeared first on InfoSec Resources.

2017 OWASP A6 Update: Security Misconfiguration was first posted on April 6, 2018 at 7:48 am.
Category: Hacking & Security

2017 OWASP A5 Update: Broken Access Control

5 April, 2018 - 14:53

The Open Web Application Security Project (OWASP) announced a major update to their Ten Most Critical Web Application Security Risks list in 2017. Last updated in 2013, OWASP’s list is considered an important reference document for both developers and managers. After two drafts and public commentary, the final 2017 version was released in November. Newly […]

The post 2017 OWASP A5 Update: Broken Access Control appeared first on InfoSec Resources.

2017 OWASP A5 Update: Broken Access Control was first posted on April 5, 2018 at 7:53 am.
Category: Hacking & Security