Penetration Testing Resources

These resources will help you gain a deeper understanding of penetration testing strategies, methodologies and best practices. Many of the links also offer insights into pressing issues that can necessitate the expansion of your internal IT security assessment capabilities.

GENERAL PENETRATION TESTING INFORMATION

Wikipedia Article

A high-level definition of penetration testing:

http://en.wikipedia.org/wiki/Penetration_test

Penetration Testing Execution Standard

A new standard designed to provide both businesses and security service providers with a common language and scope for performing penetration testing (i.e. Security evaluations):

http://www.pentest-standard.org/index.php/Main_Page

SANS Institute Penetration Testing Reading Room

A set of resources on penetration testing trends, authored by students as part of their certification requirements:

http://www.sans.org/reading_room/whitepapers/testing/

Penetration Testing Directory Project

An independent online directory offering links to information on penetration testing and related content:

http://www.penetrationtests.com/

Vulnerability Testing Glossary

A comprehensive index of vulnerability and penetration testing terminology published by the University of Oulu, Finland:

http://www.ee.oulu.fi/research/ouspg/sage/glossary/

Vulnerability Assessment Portal

An information portal for Vulnerability Analysts and Penetration Testers published by an independent U.K.-based expert:

http://www.vulnerabilityassessment.co.uk/index.htm

NETWORK PENETRATION TESTING

National Institute of Standards and Technology (NIST)

“Special Document 800-42: Guideline on Network Security Testing”

A US government-issued paper:

http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf

ITBusinessEdge.com

“Pen Tests Find and Patch Network Openings”

An interview with Mike Yaffe, director of product marketing at Core Security:

http://www.itbusinessedge.com/item/?ci=32807

Information Systems Audit and Control Association (ISACA)

“Network Penetration Testing”

A slide presentation authored by Jack Jones, director of information security, Nationwide:

www.isaca-centralohio.org/archive/presentations/2000_10-Network_Penetration.ppt

WEB APPLICATION PENETRATION TESTING

SearchSecurity.com

“Web application penetration testing: Best practices”

An overview of the web application penetration testing process:

http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1233892,00.html#

The Open Web Application Security Project (OWASP)

“The Evolution of Web Application Penetration Testing”

A slide presentation with Daniel Cuthbert:

http://www.owasp.org/images/c/ca/AppSec2005DC-Dan_Cuthbert-Evolution_of_App_Pen_Testing.ppt

SecurityFocus

Research article on “Five common Web application vulnerabilities”:

http://www.securityfocus.com/infocus/1864

Ethical Hacker Network

Informational article on “How to Break Software”:

http://www.ethicalhacker.net/content/view/43/2/

CLIENT-SIDE PENETRATION TESTING

SearchFinancialSecurity.com

“Testing for Client-Side Vulnerabilities,”

A “how-to” article on client-side penetration testing methodology and techniques authored by Lenny Zeltser, a leading security training expert: http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1298546,00.html

ebizQ.com

“Penetration Testing Like a True Hacker”

A column on the need to test client-side applications by leading security analyst, Mike Rothman:

http://www.ebizq.net/blogs/mike_rothman/2008/03/penetration_testing_like_a_tru.php

Jacadis

“If a system is hacked and a SIM doesn’t “hear” it, does it make a noise?”

A blog post on the need to carry out client-side penetration testing to evaluate IT defensive mechanisms, authored by a security consultancy:

http://thought.jacadis.com/my_weblog/2008/09/if-a-system-is.html

GNU Citizen.org

“Client-side SQL Injection Attacks”

A short essay on the ability to exploit clients using SQL injection techniques, authored by contributors to an information security think tank:

http://www.gnucitizen.org/blog/client-side-sql-injection-attacks/

Usenix.org

“An Encrypted Payload Protocol and Target-Side Scripting Engine”

A methodology for carrying out a client-side penetration testing authored by noted researcher, Dino Dai Zovi:

http://www.usenix.org/event/woot07/tech/full_papers/daizovi/daizovi_html/

WIRELESS PENETRATION TESTING

SANS Institute

Wireless security training and penetration testing tutorial:

http://www.sans.edu/resources/securitylab/wireless_framing_2.php

PaulDotCom Network Security Projects

Notes from a training course on hacking wireless routers and using them in penetration tests:

http://pauldotcom.com/wiki/index.php/Sec535

WirelessDefence.org

A wireless penetration testing framework:

http://wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html

PENETRATION TESTING AND COMPLIANCE

PCI Standards Board

“Information Supplement: Requirement 11.3 Penetration Testing”

An outline of the penetration testing requirements for the Payment Card Industry’s Data Security Standard:

https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf

National Institute of Standards and Technology (NIST)

“Special Document 800-53a”

A guide for assessing security controls in federal information systems, including government penetration testing requirements:

http://csrc.nist.gov/publications/nistpubs/800-53A/SP800-53A-final-sz.pdf

SearchSecurity.com

“Penetration testing: Helping your compliance efforts”

Mike Rothman explains why penetration testing is a critical aspect of any security program:

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1312508,00.html

ITBusinessEdge

“Penetration Testing Key to HIPAA Compliance for Care New England”

An interview with Larry Pesce, manager, IT security, Care New England Health System:

http://www.itbusinessedge.com/item/?ci=16382

Microsoft

“IT Showcase: Attack and Penetration Testing”

A set of techniques and methodologies to test compliance to security policies, and to detect previously unknown vulnerabilities:

http://www.microsoft.com/downloadS/details.aspx?familyid=385FCEC0-D4EC-4108-8EDD-85B5FACD7EC5&displaylang=en

PENETRATION TESTING METHODOLOGIES

InfoSec Institute

A security training organization’s blog on practical penetration testing techniques:

http://www.infosecinstitute.com/blog/2005/10/penetration-testing-methodology-fact.html

The Institute for Security and Open Methodologies (ISECOM)

“Open Source Security Testing Methodology Manual”:

http://www.isecom.org/osstmm/

Common Criteria Web Application Security Scoring (CCWAPSS)

A comprehensive security scoring method for Web applications:

http://ccwapss.blogspot.com/

Information Systems Security Assessment Framework (ISSAF)

A security testing methodology published by the Open Information Systems Security Group (OISSG):

http://www.oissg.org/issaf

Penetration Testing Framework

An outline for planning assessments and gathering information relevant to the penetration testing process:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

PENETRATION TESTING BLOGS & OPINIONS

PaulDotCom Community Blog

A security community blog with a focus on penetration testing and an array of expert industry contributors:

http://pauldotcommunity.blogspot.com/

Penetration Testing Directory Project Blog

An ongoing study of the security assessment process, industry and related issues, written by professional pen testers:

http://www.penetrationtests.com/blog/

Spylogic.net

A blog about security and penetration testing, written by a professional pen tester:

http://spylogic.net/

Security Second Thoughts

A blog about penetration testing and security research written by an independent security consultant:

http://www.matthewneely.com/blog

PENETRATION TESTING TRAINING

Forward Discovery

http://www.forwarddiscovery.com/

Hacker Academy

http://www.thehackeracademy.com/

InfoSec Institute 

http://www.infosecinstitute.com/

International Council of Electronic Commerce Consultants

http://www.eccouncil.org

iVolution Technologies

http://www.ivolutionsecurity.com

Logical Security

http://www.logicalsecurity.com/education/education_overview.html

Mile2

http://www.mile2.com

PaulDotCom

http://pauldotcom.com/

SANS Institute

http://www.sans.org/

Security University

http://www.securityuniversity.net

TrueSec

http://www.TrueSec.com

Vigilar´s Intense School

http://www.vigilar.com/training

7SAFE

http://7safe.com

PENETRATION TESTING WHITE PAPERS, PODCASTS AND OTHER RESOURCES

Penetration Testing Mailing List

A mailing list for the discussion of issues and questions about penetration testing and network auditing, hosted by SecurityFocus:

http://www.securityfocus.com/archive/101/description

Seven Deadly Penetration Testing Sins

A list of security testing no-no’s published by code analysis providers Matasano Security:

http://www.matasano.com/log/1026/seven-deadly-pen-test-sins/

PaulDotCom Security Weekly

Videocast of the PaulDotCom audio podcast, which covers a broad array of security and penetration testing issues:

http://www.pauldotcom.com/videos/

Security Training WebCasts

A series of expert videocasts hosted by leading security and testing trainers from SANS Institute:

http://www.sans.org/webcasts/

CISSP White Papers

An index of security and penetration testing white papers maintained by training experts Logical Security:

http://www.logicalsecurity.com/resources/resources_whitepaper.html