ISC2® has started using CAT exams for the English version of their CISSP® exam. See feedback we have received about this new style of testing. Read the article below.
Finally, we have launched the new cccure quiz engine. It is better than every. Enjoy. Clement
Here is a great document from the PCI Data Security Standard (PCI DSS) council on Penetration Testing. It is directly applicable to the new CBK coming our on tthe 15th April 2015. I highly recommend to read this to help you with the exam.
Software Development security is an important domain on the exam. Lack of knowledge and involvement of Security in the SDLC is one of the main cause of the issues we have today with enterprise software. Look at this great article from Jeff William telling you HOW to do it properly and giving you great link to learn more.
The first step in any penetration testing or ethical hacking exercise is to find out what hosts are alive on the network and what services they are running. One of the best tools for carrying out such enumeration is NMAP. Here I show you some of the basic uses of NMAP in a clear, easy to follow format.
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.
The National SCADA Test Bed Program from Idaho National Laboratory (INL). The nation’s electric power grid. This system and the digital components that operate it are reliable and efficient, but often lack sufficient security measures to protect them from new and emerging cyber threats.
In this article you will find some of the recommended online testing labs to practice your skill ethically and legally.
Hackers exploit vulnerable systems – and unprepared individuals – to access trade and commercial secrets, damage or gain control of national assets of strategic importance, publicly embarrass top brands, and wreak general havoc with considerable financial, social and economic repercussions.
See below a short list of Linux Distribution you can use for Security Testing, Penetration Testing, or other security purpose. As usual, if your preferred distribution is not on the list let me know.
The Open Source Security Testing Manual from ISECOM. A fantastic project from my friend Pete Herzog. If you believe in true security this is a must know web site and content.
