11. PenTesting (for fun & profit)
What is a hacker?
Hacker ... is a term used in computing that can describe several types of persons:
– Hacker (computer security): someone who seeks and exploits weaknesses in a computer system or computer network
– Hacker (hobbyist): someone who makes innovative customizations or combinations of retail electronic and computer equipment
– Hacker (programmer subculture): someone who combines excellence, playfulness, cleverness and exploration in performed activities
(http://en.wikipedia.org/wiki/Hacker)
12.
Why:
From NIST SP800-53A:
– To “enhance the organisation’s understanding of the system”
– To “uncover weaknesses or deficiencies in the system”
– To “indicate the level of effort required on the part of adversaries to breach the system safeguards”
● Read ZF05: https://securitythoughts.wordpress.com/2009/08/11/zero-for-0wned-zine-zf05/
18.
Who:
● Large organisations (UK) may be required to employ a cyber/digital security specialist
– cf. health & safety specialists
● However, every web development company should (probably) have such a cyber security “specialist”:
– qualified
– experienced
29.
Books
● The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
– Patrick Engebretson
● Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
– Thomas Wilhelm & Jason Andress
● Seven Deadliest Web Application Attacks (Seven Deadliest Attacks)
– Mike Shema