How to fit tools into a Vulnerability Assessment & Penetration Testing?

When we attend conferences on IT security, we usually ask and learn many things.
Here is one of my questions regarding VA/PT to an expert in IT security. I hope you like it and learn from it too, because sharing is caring (it's time to share now).

Student:

How to fit tools into a VA/PT?

On behalf of learners, I would like to ask one question, so that beginners can also understand the first basics of penetration testing.
In most cases, students who attend hacking workshops or classes have a basic understanding of a few security tools. Typically, students have used a port scanner, Wireshark, Metasploit, etc. Unfortunately, most beginners do not understand how these tools fit into the PT. This may be due to the beginners' incomplete knowledge or lack of knowledge.

So, according to an expert in penetration testing, what is the best way to fit such tools in a manner that defines an official framework of penetration testing?
(Just like the PT cycle I read about: (A) Recon -> Scanning -> Exploitation -> Maintaining Access -> (A))

IT Security Expert:

Not an expert, but from my viewpoint, VA/PT is not just about tools. A training should include the following:

  • Why do we do VA/PT?
  • VA/PT process and framework (which is not just about tools)

The main problem is that generally these are the theoretical parts of the trainings, and most students are not interested in the theory. Most beginners are interested in the “exploit” or “shell” part of it.

As part of the trainings, the tools should be covered in such a way that the students know:

  • Why do we need to use a tool?
  • Which tool to use?
  • When to use a particular tool?
  • What information should be gathered or collected?
  • How to use the tool? (various options and parameters)
  • Advantages and disadvantages of using tools
  • How to create your own custom tools, etc.

To summarize, a good VA/PT training should balance both the theory and the practical hands-on parts equally, and at the same time give importance to both the technical and the management side of VA/PT.

(Thanks to Manu Zacharia for such beautiful guidance on IT security.)

OWASP Mantra – Fully Loaded Browser with Pentest Bookmarks!!

Hi Leaders,

Before going further, read my previous topic, “Is your browser teaching Ethical Hacking?”. Absolutely!

I would like to introduce another great part of the OWASP Mantra browser: Pentest Bookmarks!
It is another great reference material / food / b33r for learners, beginners, and professionals in the IT security field.

It comes with several general categories, such as:

  • HACKERY – Open Penetration Testing Bookmarks Collection
  • GALLERY – Online Penetration Testing Tools Index

Let us know one thing: “Is your browser teaching Ethical Hacking?” Then make it like OWASP Mantra!!
Download the fully loaded browser with a bunch of arsenal from here.
For tutorials, click here.

What is on your mind now? Go and check those collections and learn as much as you can.
“Hack The Gibson”: get your arsenal ready with OWASP Mantra for your next assignments!

Is your browser teaching Ethical Hacking?

You might be thinking about this topic. Many of us use various toolkits for various purposes in (un)professional ethical hacking. We use a (man-in-the-middle) proxy interceptor, scanner, intruder, decoder, and many more things while performing web auditing.

The very first step of ethical hacking is reconnaissance. Sometimes we use third-party toolkits to do information gathering; of course, the process differs from one security professional to another, depending on their perspective. No one can judge their professional security method as right or wrong. This article introduces a browser that helps testers, developers, security professionals, etc.

The OWASP Mantra Security Framework is the browser that I would like to introduce.

Here is the source information from the OWASP Mantra portal (1/2/3):

OWASP Mantra is an innovative product: a security framework built on top of a browser. It is cross-platform, portable, and runs out of the box. You can take it with you wherever you go on absolutely any rewritable media, including memory cards, flash drives, and portable hard disks. Moreover, Mantra can be used for both offensive security and defensive security related tasks, which makes it incredible.

Mantra is a free and open source security toolkit with a collection of hacking tools, add-ons, and scripts based on Firefox and Chromium. It is intended for web application penetration testers, web application developers, security professionals, etc.

OWASP Mantra is a powerful set of tools to make the attacker’s task easier. The beta version of the Mantra Security Toolkit has various tools built into it. Moreover, Mantra follows the guidelines and structure of FireCAT, which makes it even more accessible. The OWASP Mantra Security Toolkit has tools under the following categories. The complete list of tools is available on the official website (List of Tools).

  • Information gathering
  • Editors
  • Network utilities
  • Miscellaneous
  • Application auditing
  • Proxy

The Mantra browser teaches many things with the help of its Gallery and Hackery collections 🙂

1. Gallery – Online Penetration Testing Tools Index

2. Hackery – Open Penetration Testing Bookmarks Collection

Mantra was officially integrated with BackTrack 5 Linux in May 2011, and with Matriux Krypton.

Let's find out with the intro video of OWASP Mantra here, and many more videos.

Well, this article is all about the Mantra browser only. All you have to do is experience it!!

I hope I introduced this browser well; it is really helpful for security professionals, which is why the title of this article is “Is your Browser Teaching Ethical Hacking?”

Happy learning and happy hacking with Mantra ^_^