Finding websites that are hosted on a particular IP address or that are hosted on a shared web server is a very useful part of information gathering during a penetration test. Bing supports searching for websites that are indexed on a particular IP address, and there are a few websites that provide this service too, […]
Tag: infrastructure
Penetration Testing: A Preventative Security Control
Penetration testing should be part of a preventative approach to Information Security and Security Control to ensure that vulnerabilities are not exploited. It is still a mystery as to why a large number of organisations do not take a more preventative approach to Information Security. There has been enough information in various publications about the […]
Virtual Security Management
Virtual Security Management – Virtualisation is amazing for running things simultaneously, on-the-go etc but security problems do come with the positives.” First of all, in the interests of fairness, I should point out that I think virtualisation is amazing. I love the idea that my laptop can run several different, largely independent operating systems simultaneously. […]
Security is a Process, not a Product
Security is a process, not a product – Strong IT security brands encourage the use of a single commercial product but this is not as secure as a process. It’s not a novelty to say that the market is often regulated by the strong business brand and it is no exception for IT security. Companies […]
Penetration Testing Is Not Vulnerability Scanning
Penetration testing is not vulnerability scanning and should not be confused. Vulnerability scanning is one of the first parts of the penetration test process. I recently received the go-ahead for an external penetration test which referred to the test as “a scan”. This is not the first time I have seen penetration testing and vulnerability […]
Application Penetration Testing Versus Vulnerability Scanning
This article demonstrates real-world examples of the different types of flaws found only through manual testing. Application-Penetration-Testing-Versus-Vulnerability-Scanning.pdf (823 KB)