Information

Security Testing

  • Security & Penetration
  • Hacking & Cracking
  • Forensic Computer Investigation
  • Tools, training and forums

Remember the goal is "Hack to learn, don't learn to hack"!

Location: Global
Members: 108
Latest Activity: Mar 26

Links to Security Related Websites

Security News Websites

Dark Reading: http://www.darkreading.com/

Packet Storm: http://packetstormsecurity.com/

Infosecurity: http://www.infosecurity-magazine.com/

Security Week: http://www.securityweek.com/

Netcraft: http://news.netcraft.com/

 

Hacking / Security Blogs

Ethical Hacking Blog Site: http://www.ehacking.net/

The Ethical Hacker Network: http://www.ethicalhacker.net/

Security Exploded: http://securityxploded.com/

Forensic Artifacts: http://forensicartifacts.com/

 

Hacking Websites & Forums

Hack Forums: http://www.hackforums.net/

Hacking Truths: http://www.hungry-hackers.com/

The Hack Lair: http://hacktalk.net/

 

Hacking Practice Sites

Hack this Site: http://www.hackthissite.org/

Hellbound Hackers: http://www.hellboundhackers.org/

Hack Suite: http://www.hacksuite.com/

 

Hacking Practice Environments

OWASP Web Goat - http://bit.ly/WebGoat

Damn Vulnerable Web App - http://www.dvwa.co.uk/

Gruyere - http://google-gruyere.appspot.com/

 

Podcasts and Video Series

Cigital Silver Bullet Security Podcast: http://www.cigital.com/silverbullet/

 

Security Testing Methodologies

OWASP: https://www.owasp.org/

OSSTMM: http://www.isecom.org/osstmm/

ISSAF: http://www.oissg.org/issaf/

 

Threat & Incident Classification

WASC-TC: http://projects.webappsec.org/w/page/13246978/Threat%20Classification

WHID: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database

Taxonomy of Coding Errors: https://www.fortify.com/vulncat/en/vulncat/index.html

Common Weakness Enumeration: http://cwe.mitre.org/index.html

Microsoft SIR: http://www.microsoft.com/security/sir/

 

Tools

Backtrack: http://www.backtrack-linux.org/

Metasploit: http://www.metasploit.com/

NMap: http://nmap.org/

Wireshark: http://www.wireshark.org/

Burp Suite: http://portswigger.net/burp/

Web Scarab: http://bit.ly/webscarab

XSSF: https://code.google.com/p/xssf/

Nessus (Home Feed): http://www.tenable.com/products

Anonymity Online: https://www.torproject.org/

 

Recommended Books

Web Application Hacker's Handbook - Amazon Link

Web Security Testing Cookbook - Amazon Link

Backtrack 4, Assuring Security by Penetration Testing - Amazon Link

Hacking for Dummies - Amazon Link

OWASP Testing Guide - http://bit.ly/qgK9ti

 

Essays

10 Immutable Laws of Security - MS

Security Management - The Fundamental Tradeoffs - MS

 

(Note: The list is growing and will be split soon.)

Discussion Forum

Have you ever performed any 'security' testing?

Started by Mark Crowther. Last reply by Pawan Singh Jul 24, 2013. 24 Replies

Hiya All, Just a quick straw-poll; have any of you performed any security related testing, no matter what level? If you've done any testing where the objective was to evaluate security, defining that…

Where to start

Started by Jokin Aspiazu. Last reply by Thomas Ponnet Dec 12, 2012. 1 Reply

Hello there! My name is Jokin, I'm a software tester and I find myself as a newbie on what's related to web security testing.... okay, once I've said this, I'm looking for ways to get better on it. So…

Review comment for Acunetix vulnerability scanner

Started by Abhay Kulshrestha Nov 8, 2011. 0 Replies

Hi All, Please provide your valuable review comments for "Acunetix vulnerability scanner". As it might be used in our company for application security of ".net 3.5" based websites. If it is not…

Maintaining a list of security testing resources

Started by Rosie Sherry. Last reply by Mark Crowther Sep 29, 2011. 1 Reply

We have a wiki that is making gradual progress to becoming a useful resource to the community. I think it would be useful to have lots of the information posted here on the wiki. What are your…

Comment Wall

Comment by Ahmed Mubbashir Khan on July 9, 2011 at 21:19
@Mark please share a Hack with us so that we can learn :)
Comment by Mark Crowther on August 30, 2011 at 11:32
Thanks to those that have joined the group so far. Please let others know it's here and look out for news and activities coming soon!
Comment by Mark Crowther on August 30, 2011 at 11:54
Just added a bunch of links to get started on collating resources for study. If you have any to share be sure to add a Comment here or message me.
Comment by Lorenzo Urbini on August 30, 2011 at 12:46
@Mark thanks for the useful links... but probably security testing is better if studied straight from real attack examples as Ahmed pointed out.
Comment by Mark Crowther on August 31, 2011 at 7:49
Hiya Lorenzo, couldn't agree more and we'll be doing that as we get more members in and kick-off specific threads of discussion. The links above are reference resources for wider study.
Comment by Lorenzo Urbini on August 31, 2011 at 8:42
Well, looking deeper at the material, there is some interesting attack history in there too! Not bad, cheers.
Comment by Mark Crowther on September 2, 2011 at 9:40
Welcome to all the newcomers, great to see folks joining the group!
Comment by Mark Crowther on September 4, 2011 at 8:52
Links page updates:
  • Added 'Web Scarab' to the tools list.
  • Added 'Hacking Practice Sites' section
  • Added 'Hacking Practice Environments' section
Comment by Mark Crowther on September 4, 2011 at 9:11

Promoting the group:

Please Tweet the link to this group! http://bit.ly/STCSecurity

Also, hit +1 on related pages where you can

Start discussions, comment and tweet!

Cheers!


STC TEAM
Comment by phil kirkham on September 5, 2011 at 17:10
Noticed this on Google's resources

© 2014   Created by Rosie Sherry.
