
Submission: How Red Teams Hack Your Site to Save It

Nerval's Lobster writes: "The use of a Red Team and penetration testing can strengthen an organization’s security posture. But how does a Red Team member actually think like an attacker, and use that mindset to exploit security vulnerabilities?

Gillis Jones works for WhiteHat Security, where his job rests within the TRC (Threat Research Center). It’s here that he performs hands-on site assessments, which involve manually confirming all the issues reported by an automatic scan of a particular Website or application. His job includes checking the application’s POST and GET requests for reflection of any inputs. He also checks for Cross-Site Scripting (XSS), which includes stored, reflected, and DOM XSS vulnerabilities. His aim is to build a mental map of a Website and its applications, so he knows “where to hit, where important functionality is, stuff like that.” Information leakage, XSS and SQLi are also common problems."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
