Check out our special Cyber page.
The Web Security Dojo – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
Cyberfication (PDF) Cyber, cyber, cyber!
Tips for Better Online Living (PDF) Go beyond just AV and system updates – A few tips for being more secure online.
Nmap Reference Sheet (version 6) (PDF) A one-page PDF summary of nmap usage and command-line options. This was taken directly from the nmap documentation (man page) and tweaked slightly to fit onto a single page for easy reference.
CISO’s Guide to Ethical Hacking (PDF) Presented at the Canadian Financial Institute CIRT (CFI–CIRT) event in Toronto, Canada on Feb. 9, 2006. This session discusses key areas to consider when using ethical hacking as part of your overall security program. This session includes case studies and insights from CISOs across several industries, including banking.
Social Engineering & Ethical Phishing Case Study (PDF) Maven Security was hired to conduct a security assessment for an insurance company. The assessment employed various forms of social engineering and phishing which resulted in Maven Security gaining remote access to policy holder data. This short presentation outlines the technical details of the attacks used, and suggests a few simple solutions to mitigate the exposures presented by these forms of attack.
- Introduction to DNSSEC core technology
- Current attack vectors into the DNS system
- Protections afforded by DNSSEC
- Current implementation pitfalls and problems, with some suggested workarounds
- What DNSSEC can and cannot do: impact on phishing, pharming and beyond
Wireless Security Attacks & Defense (PDF) Presented by Steve Pinkham of Maven Security. September 2007 at the IT Security Showcase in Hong Kong for HKPC. This short presentation discusses current trends in Wi-Fi security and outlines best practices for deploying and auditing both securely authenticated and public Wi-Fi in organizations of varying sizes.
Taking the Stand: Expert Witness Case Studies version 2.0 (PDF) The Federal Trade Commission investigation of the Tower Record’s incident of December 2002. Also, US vs. Herbert Pierre-Louis: The 2nd case ever to be tried in the US under 18 U.S.C. Section 1030
Session ID Case Study
This whitepaper describes how a seemingly complex session ID number was easily cracked by Maven Security during a past web application security assessment.
Basic Auth logout procedures
When a web site uses HTTP Basic authentication, how can you “log out” the user? You could tell them to close all their browser windows when finished, or you could read this doc. Basic Authentication Log Out (v1.0 – last updated June 10, 2002).
World’s first general-purpose man-in-the-middle web application security testing tool. (Circa Oct. 2000)
First hacker challenge web application for practicing security testing.