Forgot your password?
typodupeerror
Security IT

How Red Teams Hack Your Site To Save It 58

Posted by samzenpus
from the we-had-to-destroy-the-village-in-order-to-save-it dept.
Nerval's Lobster writes "The use of a Red Team and penetration testing can strengthen an organization's security posture. But how does a Red Team member actually think like an attacker, and use that mindset to exploit security vulnerabilities? Gillis Jones works for WhiteHat Security, where his job rests within the TRC (Threat Research Center). It's here that he performs hands-on site assessments, which involve manually confirming all the issues reported by an automatic scan of a particular Website or application. His job includes checking the application's POST and GET requests for reflection of any inputs. He also checks for Cross-Site Scripting (XSS), which includes stored, reflected, and DOM XSS vulnerabilities. Those checks let him determine the Website’s basic security posture. If user input isn’t encoded or sanitized, that’s a good indicator of other problems. And if that’s the case, then Jones (or someone like him) will move on to checking for SQL Injection (SQLi) vulnerabilities and other issues."
This discussion has been archived. No new comments can be posted.

How Red Teams Hack Your Site To Save It

Comments Filter:

Never invest your money in anything that eats or needs repainting. -- Billy Rose

Working...