Tag: access management
Tag: access management
Use Defensive Cybersecurity to Mitigate Cyber attack
Wired.com reported that the Kaseya was warned by the Dutch Institute for Vulnerability Disclosure that there was a potential vulnerability in its system. In this case, Kaseya did not ignore the warning, but Kaseya did not move first to patch up the exposure. The impact of this attack on Kaseya is enormous because it is
Read MoreGathering Penetration Testing Intelligence from Network and Application Platform Configuration
Network configuration refers to the process of setting a network’s controls, flow, and operation to support the network infrastructure of an organization or for an individual owner. Components of a computing network include Internet/network protocols, software or application, firewall, routers, and others that perform related tasks. Most network configurations are designed to meet communication objectives.
Read MoreHow to Use Robots.txt File to Gather Intelligence for Penetration Testing
In the head section of web documents, there is meta-information used to describe the page, including helping search engines categorize the page. The meta-information that is of utmost importance to the discussion is the meta information for robots that refers to the robots.txt file. What is the robot.txt file? The roborts.txt is a file that
Read MoreGathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as
Read MoreSelection of Tools for Penetration Testing
There are several types of tools for penetration testing. The number of available tools is so many that it will be practically impossible to learn all of them. Using the wrong set of tools can be a problem because the pen tester would have wasted so much time trying to gather the wrong information. As
Read MorePlanning for Penetration Testing
In the last episode, I described the need to test your systems to assess if it has any vulnerability, and then use the report to fix up and patch the crucial areas of importance. Penetration testing is also referred to as ethical hacking. Though both refer to the same concept, there is a difference between
Read MorePenetration Testing as a Cybersecurity Survival Technique
It does not matter how strong you made your security controls and policies, if you have tested to see if it can withstand the doom day attack, then you need to think again. You may need to find out if it meets your expectation or other industry standards. Penetration testing can be considered as an
Read MoreSecurity Challenges in Elearning Systems
As eLearning is emerging as a good alternative for leaning in situations where learners and instructors cannot meet in a physical location, the need to ensure confidentiality, integrity, and availability of eLearning systems are growing just as the demand for eLearning is growing. Elearning depends on the internet and its availability and suffers the same
Read More