Category Archives: Pentesting

tools / processes and experiences in the domain of pentesting

The Ying & Yang of Systems Security Engineering

Overview Systems Security Engineering is Systems Engineering. Like any other engineered system, a security system will follow a certain workflow as it progresses from concept through to deployment. These include architectural development, design, implementation, design verification and validation. This is …

Posted in Pentesting, Security, Systems Engineering

Installing / Using W3af

Background W3af is a vulnerability scanner for web applications. Arbitrarily scanning random webpages / sites without permission from the site owners could get you a visit from law enforcement of the cyber type (FBI in the US). I recently had …

Posted in Pentesting

Pentesting: Day 1

Occasionally I get the opportunity to do something interesting, and today was one of those days. As part of a customer engagement, we are scanning parts of their public interfaces for vulnerabilities. We are stopping short of actual pen-testing, but …

Posted in Pentesting