GET IN TOUCH

STAY IN TOUCH

Maven Security Consulting

Web pentesting and training services. Your trusted security advisor.

Honor + Knowledge = Security…since 2001

Specializing in information and IT security assessments and training: 
Ethical hacking, penetration testing, and cybersecurity validation.

Home » Resources

Resources

Cyber

Check out our special Cyber page.

 

Featured Project

The Web Security Dojo – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

 

Featured Presentations

Cyberfication (PDF) Cyber, cyber, cyber!

OWASP Resources to Know (PDF) Some up and coming OWASP projects to consider, along with a few flagship projects.
Presented for ISSA Delaware Valley in June 2015.

Tips for Better Online Living (PDF) Go beyond just AV and system updates – A few tips for being more secure online.

 

Reference Sheets

Nmap Reference Sheet (version 6) (PDF) A one-page PDF summary of nmap usage and command-line options. This was taken directly from the nmap documentation (man page) and tweaked slightly to fit onto a single page for easy reference.

 

Presentations

CISO’s Guide to Ethical Hacking (PDF) Presented at the Canadian Financial Institute CIRT (CFICIRT) event in Toronto, Canada on Feb. 9, 2006. This session discusses key areas to consider when using ethical hacking as part of your overall security program. This session includes case studies and insights from CISOs across several industries, including banking.

Social Engineering & Ethical Phishing Case Study (PDF) Maven Security was hired to conduct a security assessment for an insurance company. The assessment employed various forms of social engineering and phishing which resulted in Maven Security gaining remote access to policy holder data. This short presentation outlines the technical details of the attacks used, and suggests a few simple solutions to mitigate the exposures presented by these forms of attack.

Emerging Tools & Trends in Hacking (PDF) Presented at Interop NY in Oct 2014 DNSSEC & DNS Security (PDF) Presented by Steve Pinkham of Maven Security at MIS InfoSec World 2008 on March 12, 2008

  • Introduction to DNSSEC core technology
  • Current attack vectors into the DNS system
  • Protections afforded by DNSSEC
  • Current implementation pitfalls and problems, with some suggested workarounds
  • What DNSSEC can and cannot do: impact on phishing, pharming and beyond

Wireless Security Attacks & Defense (PDF) Presented by Steve Pinkham of Maven Security. September 2007 at the IT Security Showcase in Hong Kong for HKPC. This short presentation discusses current trends in Wi-Fi security and outlines best practices for deploying and auditing both securely authenticated and public Wi-Fi in organizations of varying sizes.

Taking the Stand: Expert Witness Case Studies version 2.0 (PDF) The Federal Trade Commission investigation of the Tower Record’s incident of December 2002. Also, US vs. Herbert Pierre-Louis: The 2nd case ever to be tried in the US under 18 U.S.C. Section 1030

 

White Papers

Session ID Case Study

This whitepaper describes how a seemingly complex session ID number was easily cracked by Maven Security during a past web application security assessment.

Basic Auth logout procedures

When a web site uses HTTP Basic authentication, how can you “log out” the user? You could tell them to close all their browser windows when finished, or you could read this doc. Basic Authentication Log Out (v1.0 – last updated June 10, 2002).

 

Legacy Projects

Achilles

World’s first general-purpose man-in-the-middle web application security testing tool. (Circa Oct. 2000)

WebMaven

First hacker challenge web application for practicing security testing.

Latest News

Blog

Contact US

↑ Top of Page