begood Posted March 17, 2010

Breaching the network perimeter is much more difficult today than a few years ago. Most large enterprises have dedicated security teams running IDSs/IPSs, have network separation and event monitoring and alerting capabilities. This has thus caused a paradigm shift in the way hacking and hence penetration testing needs to be conducted. Hackers now are looking more at the users of the protected network as the attack vector, than the network perimeter itself. User environments are far more complex than a network perimeter. Hackers use browser vulnerabilities, and security threats in plugins such as Flash, ActiveX, Quicktime etc. to compromise users remotely. As most of these users have unrestricted access to internal networks and resources in an organization, a hacker can thus penetrate deep into the network, without ever having to break through the perimeter.

In this detailed video lecture, spanning over 2 hours, Dean De Beer talks about client-side penetration testing methodologies and how it differs from the server and perimeter focused one. You can download the PDF of the talk here. Thanks to Dan Guido for posting this wonderful lecture on his site. I highly recommend SecurityTubers to watch this video!

Client Side Penetration Testing Methodology Primer Tutorial

vizitatoru123 Posted March 17, 2010

This is actually very interesting stuff. Thanks.