ISC2® has started using CAT exams for the English version of their CISSP® exam. See feedback we have received about this new style of testing. Read the article below.
Finally, we have launched the new cccure quiz engine. It is better than ever. Enjoy. Clement
Here is a great document from the PCI Data Security Standard (PCI DSS) council on Penetration Testing. It is directly applicable to the new CBK coming out on the 15th April 2015. I highly recommend reading this to help you with the exam.
Beginning this month, (ISC)² has a new annual continuing professional education (CPE) policy, which requires members to earn an equal number of CPEs each year within a three-year certification renewal period. This policy was updated to help our members remain current on their CPEs on an annual basis, therefore, making the comprehensive three-year certification renewal process easier for them to manage.
Software Development security is an important domain on the exam. Lack of knowledge and involvement of Security in the SDLC is one of the main causes of the issues we have today with enterprise software. Look at this great article from Jeff William telling you HOW to do it properly and giving you great links to learn more.
SophosLabs has uploaded a new security awareness video that is really well done. In two minutes you can teach your users how to pick a proper password. This is one video all of your users should see.
The first step in any penetration testing or ethical hacking exercise is to find out what hosts are alive on the network and what services they are running. One of the best tools for carrying out such enumeration is NMAP. Here I show you some of the basic uses of NMAP in a clear, easy to follow format.
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.
Videos and information on how to use the HEISC security assessment tool for higher education.
This free spreadsheet tool from Educause can help identify gaps in a college or university security profile and kick-start a security conversation on campus.
In this article you will find some of the recommended online testing labs to practice your skills ethically and legally.
Hack.me is a FREE, community based project powered by eLearnSecurity.
See below a short list of Linux distributions you can use for Security Testing, Penetration Testing, or other security purposes. As usual, if your preferred distribution is not on the list let me know.
It's a great opportunity to learn in-depth details about the OSSTMM, especially OSSTMM 4, in a great setting. Plus the price is undeniably good. Seriously.