WH-Type Questions on Vulnerability Assessment and Penetration Testing ! (0)

Many times we forgot to take output from many automated tools or Manual testing, we generally worked on raw data, The data which we have to arrange in way that client can understand risk rating of respective target. It is Tester’s skill to represent highly confidential data in-front of client.

Module O

Wh-type questions on VAPT

?


Before going to VAPT, we must have to know some criteria behind information Security. Every one have different point of view to explore their knowledge on any information Security topic, Here is some summary question that surely by searching answer of those, can create your own documentary !! wow..

General Questions on Information Security:-

What is information/data Security ?
What is Confidentiality ?
What is Integrity ?
What is Availability ?
What is Ethical Hacking ?
What are the classification of hackers ?

Future Questions:-

What is the history of hacking ?
why you want to know history of hacking, then go ahead and discover future of hacking 😉 ?

Motivation behind hacking:-

What is your purpose of hacking ? for money, profit, political view, competitive strategy, attitude,
personal grievance, curiosity, mischief, attract attention, credit ?

Optional Question on hacking:-

what is your point of view about hacking ?

A). Easy B). Hard C). neither easy nor hard D). Depends E). Not Applicable

Actual Terms in Ethical hacking:-

What is Vulnerability ?
What is Threats ?
What is Risk Management ?
What is IT Security Audit ?
What is LAW for ethical hacking in your country/state ?
What are the types of security test ?
What is Vulnerability Assessment ?
What is Penetration Testing ?
what is White Box and Black Box Testing ?
What is “Red Teams” ?

Actual Methodology of Testing:-

What is Testing Methodology ?

To be continued…

Is your browser teaching Ethical Hacking ?

You might be thinking about this topic,  Many of us, use various toolkit for various purpose for (un/) – professional ethical hacking. We used (Man-In-Middle)proxy interceptor, Scanner, Intruder, Decoder, and many more things while performing web auditing.

Very first step of ethical hacking is reconnaissance.  Sometimes we used 3rd party toolkit to do information gathering, absolutely the process of professional security enthusiasm is different, it depends on the perspective of them. No one can judge their professional security method in right and wrong category. This article is waiting to introduce about browser that help tester, developer and security professional etc.

OWASP Mantra Security Framework is the browser that i would like to introduce.

Here is the Source Information of OWASP Mantra Portal 1/2/3 :

OWASP Mantra is such an innovative product, a security framework built on top of a browser. Its cross-platform, portable and can run out of the box. You can take it with you where ever you go in absolutely any rewritable media including memory cards, flash drives and portable hard disks. More over, Mantra can be used for both offensive security and defensive security related tasks which makes it incredible.


Mantra is a free and open source security toolkit with a collection of hacking tools, add-ons and scripts based on Firefox and Chromium. It is intended for web application penetration testers, web application developers, security professionals, etc.

OWASP Mantra is a powerful set of tools to make the attacker’s task easier. The beta version of Mantra Security Toolkit has various tools built onto it. Moreover Mantra follows the guidelines and structure of FireCAT which makes it even more accessible. The OWASP Mantra Security Toolkit has tools under the following categories. The complete list of tools is available on the official website. (List of Tools)

  • Information gathering
  • Editors
  • Network utilities
  • Miscellaneous
  • Application auditing
  • Proxy

Mantra browser is teaching many times with the help of their Gallery and Hackery collection 🙂

1. Galley – Online Penetration Testing Tools Index

2. Hackery – Open Penetration Testing Bookmarks Collection

Mantra officially integrated with BackTrack 5 Linux in May 2011 and Matriux Krypton

Lets find out with intro video of OWASP Mantra here:

And Many More Videos

Well this article is all about Mantra Browser only. All you have to do just Experience it !!

I hope i introduced this browser very well and it’s really helpful for security professional that is why the topic of article is “Is your Browser Teaching Ethical Hacking ?

Happy Learning and Happy Hacking with Mantra ^_^