Blog Feed

30 Days of Security Testing – Day Nineteen

The challenge for Day Nineteen is - Research Script Kiddies and/or packet monkeys. Script Kiddies and Packet Monkeys are derogatory terms created by experienced hackers for unskilled/inexperienced hackers. Found a great article from the SANS Institute written back in 2001 that explains the terms brilliantly. In more detail: Script Kiddies A script kiddie is a... Continue Reading →

30 Days of Security Testing – Day Eighteen

The challenge for Day Eighteen is - Learn about Security Headers. If you are testing a web application, the Developer Tools in your browser are your friend. By pressing F12 on a Windows or Linux machine while accessing a site through a browser (or ⌥⌘I on a Mac), you can see a host of information.... Continue Reading →

30 Days of Security Testing – Day Seven

The challenge for Day Seven is - Learn one or more things about Penetration testing. I ran a quick Google search for Penetration Testing definition and found this tidy video: To me, penetration testing looks like one of the coolest branches of testing. Getting paid to play hacker/spy and commanding some of the tastiest pay brackets... Continue Reading →

30 Days of Security Testing – Day Five

The challenge for Day Five is - Learn about Threat Modelling (i.e. like STRIDE). The great sage Wikipedia defines Threat Modelling as: a process by which potential threats, such as structural vulnerabilities can be identified, enumerated, and prioritised. One popular Threat Modelling tool is STRIDE, which was designed by Microsoft back in 1999. STRIDE is... Continue Reading →

30 Days of Security Testing – Day Four

The challenge for Day Four is - Learn anything about Vulnerability Scanning. For this challenge I read a good article comparing the difference between vulnerability scans and penetration testing. A vulnerability scan searches an application for vulnerable ports and known vulnerabilities, then often produces a report listing the vulnerabilities in order of severity. A vulnerability... Continue Reading →

30 Days of Security Testing – Day One

WeTest are putting a spotlight on Security Testing over the months of October and November. This includes two Meetups with expert speakers on the topic and an ongoing discussion on the WeTest Slack group. As a part of the discussion, we're re-visiting the 30 Days of Security Testing Challenge designed by the Ministry of Testing... Continue Reading →
