Penetration testing,
popularly known as 'pentesting', 'pen testing', or 'security testing',
is the art of attacking your own or your client's systems and networks
exactly as a hacker would. This helps an ethical hacker identify
security glitches, vulnerabilities and exploits. Here are 25
resources to learn more about this method.
Also, learn about the most advanced penetration testing distribution, Kali Linux here.
General Information
1. SANS Institute Penetration Testing Reading Room
A set of resources on penetration testing trends, written by students as part of their certification requirements.
2. Penetration Testing Directory Project
An independent online directory, which offers direct links for information on penetration testing and related content.
3. Vulnerability Testing Glossary
A comprehensive index of vulnerability and penetration testing terminology published by the University of Oulu, Finland.
Network
4. National Institute of Standards and Technology (NIST)
“Special Document 800-42: Guideline on Network Security Testing”
A US government-issued paper.
5. Information Systems Audit and Control Association (ISACA)
“Network Penetration Testing”
A slide presentation authored by Jack Jones, director of information security at Nationwide.
Web Application
6. SearchSecurity.com
A read on “Web application penetration testing: Best practices”. Provides an overview of the web application penetration testing process.
7. SecurityFocus
Research article on “Five common Web application vulnerabilities”
8. Ethical Hacker Network
Informational article on “How to Break Software”
Blogs And Opinions
9. PaulDotCom Community Blog
A security community blog with a focus on penetration testing and an array of expert industry contributors.
10. Penetration Testing Directory Project Blog
An ongoing study of the security assessment process, industry and related issues, written by professional pen testers.
11. Spylogic.net
A blog about security and penetration testing, written by a professional pen tester.
12. Security Second Thoughts
A blog about penetration testing and security research written by an independent security consultant.
White Papers, Podcasts and Other Resources
13. Penetration Testing Mailing List
A mailing list for the discussion of issues and questions about penetration testing and network auditing, hosted by SecurityFocus.
14. CISSP White Papers
An index of security and penetration testing white papers maintained by training experts Logical Security.
15. Seven Deadly Penetration Testing Sins
A list of security testing no-no’s published by code analysis providers Matasano Security.
16. PaulDotCom Security Weekly
Videocast of the PaulDotCom audio podcast, which covers a broad array of security and penetration testing issues.
17. Security Training WebCasts
A series of expert videocasts hosted by leading security and testing trainers from SANS Institute.
Methodologies
18. InfoSec Institute
A security training organisation’s blog on practical penetration testing techniques.
19. The Institute for Security and Open Methodologies (ISECOM)
Open Source Security Testing Methodology Manual.
20. Common Criteria Web Application Security Scoring (CCWAPSS)
A comprehensive security scoring method for Web applications.
21. Information Systems Security Assessment Framework (ISSAF)
A security testing methodology published by the Open Information Systems Security Group (OISSG).
22. Penetration Testing Framework
An outline for planning assessments and gathering information relevant to the penetration testing process.
Wireless Penetration Testing
23. SANS Institute
Wireless security training and penetration testing tutorial.
24. PaulDotCom Network Security Projects
Notes from a training course on hacking wireless routers and using them in penetration tests.
25. WirelessDefence.org
A wireless penetration testing framework.
Atithya Amaresh, EFYTIMES News Network