Become a fan of Slashdot on Facebook


Forgot your password?

Submission + - How Red Teams Hack Your Site to Save It (

Nerval's Lobster writes: "The use of a Red Team and penetration testing can strengthen an organization’s security posture. But how does a Red Team member actually think like an attacker, and use that mindset to exploit security vulnerabilities?

Gillis Jones works for WhiteHat Security, where his job rests within the TRC (Threat Research Center). It’s here that he performs hands-on site assessments, which involve manually confirming all the issues reported by an automatic scan of a particular Website or application. His job includes checking the application’s POST and GET requests for reflection of any inputs. He also checks for Cross-Site Scripting (XSS), which includes stored, reflected, and DOM XSS vulnerabilities. His aim is to build a mental map of a Website and its applications, so he knows “where to hit, where important functionality is, stuff like that.” Information leakage, XSS and SQLi are also common problems."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

How Red Teams Hack Your Site to Save It

Comments Filter:

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"