Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Security

+ - How Red Teams Hack Your Site to Save It->

Nerval's Lobster writes: "The use of a Red Team and penetration testing can strengthen an organization’s security posture. But how does a Red Team member actually think like an attacker, and use that mindset to exploit security vulnerabilities?

Gillis Jones works for WhiteHat Security, where his job rests within the TRC (Threat Research Center). It’s here that he performs hands-on site assessments, which involve manually confirming all the issues reported by an automatic scan of a particular Website or application. His job includes checking the application’s POST and GET requests for reflection of any inputs. He also checks for Cross-Site Scripting (XSS), which includes stored, reflected, and DOM XSS vulnerabilities. His aim is to build a mental map of a Website and its applications, so he knows “where to hit, where important functionality is, stuff like that.” Information leakage, XSS and SQLi are also common problems."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

How Red Teams Hack Your Site to Save It

Comments Filter:

The UNIX philosophy basically involves giving you enough rope to hang yourself. And then a couple of feet more, just to be sure.

Working...