Friday, August 27, 2010

Penetration Testing

I am listening to a class from East Tennessee State University (ETSU) taught by David Frazier, Ethical Hacking CSCI 4957 (iTunes U). This wiki page defines the term Penetration Testing, an active analysis of a system's security primarily by utilizing common ways of compromising the system.

One of these days I would like to go through the class exercises and homework myself. A lot of tools and resources are discussed. I liked the concept of "competitive grading": the person who has the best/biggest/most of the assignment gets the top grade and all others get a percentage of that top score.

In the meantime, I vow to improve my personal security by maturing my use of passwords. After learning more I'll investigate the tools. (Can't do it from work because Big Brother doesn't allow access to "potentially malicious" sites, good job IT.)

Read this article, Digital Wallets and Whistle Blowing. What do you think? Good problem for an ethics discussion.

Here is a launching point: Software Engineering Ethics Research Institute.

Good list of penetration test ideas on the SANS site: CWE/SANS Top 25 Most Dangerous Software Errors.

Google Hacking Database
