Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Exploiting Cisco Routers: Part 1
This is the first of a two-part series that will focus on identifying and then exploiting vulnerabilities and poor configurations in Cisco routers.
Demonstrating ROI for Penetration Testing (Part Three)
The third article in this series focuses on defining terms related to the Risk Analysis process and touches on Information Asset valuation methods that are critical when justifying the necessity and expense of a Pen Test.
Penetration Testing for Web Applications (Part Three)
The third and final article in this series investigates session security issues and cookies, buffer overflows and logic flaws, and provides links to further resources for the web application penetration tester.
Demonstrating ROI for Penetration Testing (Part Two)
The second article in this series will introduce Risk Management concepts as they relate to Information Asset valuation.
Demonstrating ROI for Penetration Testing (Part One)
This is the first in a series of articles demonstrating ROI (return on investment) for a penetration test. You will have to step into the world of budgeting, cost justification, resource allocation, and learn a few unfamiliar terms.
Penetration Testing for Web Applications (Part Two)
The second installment in this series expands upon issues of input validation - how developers routinely, through a lack of proper input sanity and validity checking, expose their back-end systems to server-side code-injection and SQL-injection attacks. It also explores the manner in which these issues may manifest on the client side as cross-site scripting and other content-manipulation vulnerabilities.
Penetration Testing for Web Applications (Part One)
This is the first in a series of three articles on penetration testing for Web applications. The first installment provides the penetration tester with an overview of Web applications - how they work, how they interact with users, and most importantly how developers can expose data and systems with poorly written and secured Web application front-ends.
Welcome to the SecurityFocus Pen-Test Focus Area
The new SecurityFocus Pen-Test focus area offers a unique forum for the exchange of pen-test information.