Archive for ITSM

Day 8: ITSM Vulnerability Assessment techniques

Lesson 8: Two days ago we covered VoIP assessments, and yesterday we covered Intranets and the use of proxies. Most of last week also covered internal network infrastructure assessments, except for some topics such as PDA phones and WiFi devices.
Today I wanted to talk about reconnaissance, which some people refer to as footprinting. […]

Day 7: ITSM Vulnerability Assessment techniques

Lesson 7: Today I wanted to bring the real meaning behind these techniques into the spotlight. Learning about how IT groups do real security is only part of this.
I’m also talking about what I’ve seen that IT security shops don’t do. What penetration-testers or auditors don’t recommend. What everyone misses. This […]

Day 6: ITSM Vulnerability Assessment techniques

Lesson 6: Last week was great as I started out talking about a variety of topics including –

Day 1 — Physical network segmentation / Browser tools
Day 2 — Kernel protection in network drivers / Crawling tools
Day 3 — Sandboxing / HTTP tools
Day 4 — Web application defenses / SQL injection tools
Day 5 — Secure channels […]

Day 5: ITSM Vulnerability Assessment techniques

Lesson 5: After the first week, many of these assessment techniques don’t all fit together or seem congruent. Mid next week, I think a lot of these pieces will start to come together to form a big picture. The recommendations I’ve given so far are not things I’ve seen or heard from the community […]

Day 4: ITSM Vulnerability Assessment techniques

Lesson 4: We’ve touched on some of the critical-path ways to assess and protect your infrastructure, including network segmentation and OS/application sandboxing. Often, the weakest area of technology is what you can’t segment or sandbox effectively, which is why today we will be covering web applications.
Part 1: Information assurance vulnerability assessment — Web applications
With […]