Posts

Metasploit & Nexpose Hacking Part -II

Recent posts

Metasploit & Nexpose tutorial Part -I

   NEXPOSE EXPOSED     You will learn more about NeXpose and Metasploit features, their usage and how you can best utilize these tools in order to perform penetration testing or a security assessment of your organization. Specifically, in this module, you will be able to learn more about NeXpose, the great vulnerability assessment and management software available on the market. In the field of security testing or penetration testing, a vulnerability assessment plays an important role in order to successfully penetrate into any network or system. To achieve this goal or perform the tasks, you need a cutting edge vulnerability assessment tool in order to assess the security of the target network or, in other words, perform a vulnerability assessment.  NeXpose isn’t the only tool available in the market to perform vulnerability assessment, however, it is one of the best among the industry leading tools in vulnerability assessment.   Basically, the vulnerability assessment leads to the ex

Software Security Testing Part - V

 Security in Software Development Lifecycle Security in software Development    Welcome to the last, but not the least, module of the software security-testing workshop. So far, we have discussed how you can perform code review, how to use code review tools and methodologies along with types of the code reviews. We have also learned that security should be built into the software development lifecycle. It’s worthwhile to present the concept of security during the development lifecycle.    In this module, we will be highlighting the security development lifecycle and we recommend that you should first complete the previous four modules.    What is security in the software development lifecycle?     Well, this is basically building security within the software development stages into the software itself. A security development lifecycle is a process that helps software developers to build software with security consideration.    What needs to be considered as security measures have been

Software Security Testing Part - IV

 Demo Code Review Introduction    Welcome to the fourth module of software security testing workshop. In this workshop so far we have spoken enough about security testing in software code, methodologies and different types of software testing along with different tools introduction that are available easily in the industry market. However, so far we have not presented a practical demo for performing code review.    This will be a quick module to demonstrate how you can perform code reviews before you put your code on a live desk. We will be using Flawfinder as our tool to review code written in “C” language.    What is Flawfinder?    The Flawfinder is an open source security code review tool that is easily available to be downloaded from the Internet in one quick go.    Vendor’s mouth    “A simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential secu

Software Security Testing Part - III

  Source Code Review Tools & Techniques Introduction Welcome to the third module of the software security testing workshop. This module will specifically discuss tools available on the Internet to perform security source code review, or simply code review. These tools are not easy to use and understand: simply running one to detect vulnerabilities is not a script-kiddie job, and you need a solid background in programming to understand what the tool is highlighting as a flaw and what the outcome of a complete review could be. This module is an easy go as it will speak about different tools and some snapshots. This module can be studied separately to gain more knowledge about source code review tools and their features. In this module, we will public speaking and reviews about these tools. In today’s field of information security, one of the fastest growing areas in the software security industry is source code analysis tools, also known as static analysis tools. These tools

Software Security Testing Part - II

 Types of Software Security Testing Introduction Welcome to the second module of the software security testing workshop. In this module, we will be exploring different types of software security evaluation. You should first complete the previous module in order to build a knowledge base in this domain, which will help you continue in this workshop with a separate mindset on how to be an expert in software security testing. Software Security Testing Different organizations and different security professionals define it differently, and mostly all are correct. There are different ways of understanding software security testing. Following are some well-known concepts: “Security testing which is non-functional in nature, more focused on security aspects” OR “It is a type of testing in which a security professional performs different types of attacks to check the security blueprint of the software in order to find if the software or appl

Software Security Testing Part - I

  The Basics of Software Security Introduction   Welcome to the first module of this workshop. In this workshop, we will be learning about the overall software security testing happening in the field of information security, covering many aspects of security. However, in this module, we will talk about the knowledge base, the basics of software security.  Prerequisites  • Sound knowledge in computer programming  • Sound knowledge of information security and related technologies  • Expert in any one programming language  The Software Industry    The software industry is approximately 50+ years old and it has progressed from a very basic level of software to complex development and now there is a lot of competition among developers and in the mobile software development market.    Most importantly, in today’s software industry, there are threats to the software we normally and generally use, e.g., operating systems, like Windows. However, to overcome this, we use different types of to