Vega – an Open Source Web Application Security Tool
I am by no means an application security expert; however I try to learn. I blog to learn. In reading various security publications I came across an advertisement for a beta release of Vega. So what...
Penetration Testing Execution Standard
So what is Penetration Testing Execution Standard or PTES for short? It is a technical guideline on how to perform penetration tests. There should be a standard to be followed so the reports and...
Dradis Web Application
Being part of a team working on penetration testing can be a bit frustrating to manage change control and documentation. I’ve been looking for something like Dradis. So what is Dradis? Dradis is an...
Bring Your Own Device To Work
People bringing in their own device to work is not something new. It’s been around for quite some time; but people were bringing in their laptop or BlackBerry and not iPhone, iPad, Android, etc. The...
OWASP Los Angeles
Hello Netizens. Tonight I attended the OWASP Los Angeles Security Summit. I must mention that I had an awesome time listening to our featured speakers. Being involved and attending OWASP has really...
Simple Network Vulnerability Assessment Methodology
The simple network vulnerability assessment methodology (SNVAM) consists of 7 main phases and is used for conducting assessments for small and medium...
Automated Security Scanning in the Cloud
For small IT Security companies it’s very hard to find competitive pricing on Software-as-a-Service offerings for Automated Security Scanning solutions. On the other hand I did come across a great...
Yet another cloud-based automated Security Scanner
As a security practitioner I am always on the lookout for new tools to add to my tools repository. I received an email from a company called Boom Security about their new offering called BoomScan. I...
Opinion on Vulnerability Scanning and Penetration Testing
I came across a meaningful blog post by Adam Schindelar as I was reading through my tweets. The title of the post is “Prerequisites for Pentests” and I found it to be useful in the sense that I can use...
Cyber Security Evaluation Tool (CSET)
The Department of Homeland Security (DHS) National Cyber Security Division developed CSET for asset owners with the primary objective of reducing the risk to the nation’s critical infrastructure....