Pwntoken - Digital Security Research

Information Security Sciences with Shritam Bhowmick.

Defining an Enterprise Penetration Test


Are Enterprises Aware Of A Defined Penetration Test?

It took me a full decade to set aside meaningful, dedicated, routine time for a small set of legitimate questions and debunks, which we'll be looking at regularly from here onwards. After having experienced a large number of strategic targets over a decade of nights, an expensive, totally disciplined existence in hacker community circles ranging from the Mexican boards and Russian boards to a few selected ones kept for intel since ages now, and as a sincere executioner of myths and fanatics, including experience in side-swiping the best charlatans, who are evolving at a faster pace;

I have, with all such detailed experience, concluded in total truth that larger-scale enterprises lack a defined understanding of what a penetration test really is. My study shows very poor performance by enterprises relative to the far capital-market reach of the billion-dollar industry that the cyber security market can scale up to. I will be the surgeon and will logically conclude:

  1. Are they aware?
  2. Are even cyber security companies themselves aware?
  3. What about the Indian enterprise eco-space? They look like a complete joke by now.
  4. Re-iterating and re-focusing: is the Indian enterprise eco-system aware of an imbalanced IT Ops budget versus Security Ops budget?

.. wait - don't wait any longer to have a second thought about mistaking the wide information security domain for just a penetration test. The width I'm talking about takes grasping this whole domain .. I'll leave you there with that width in an image below ..

Enterprise Web Application Security Program


Developing Web Security Program for Enterprise Organizations

A long-awaited idea for making a web security program less complicated came to me while researching and reading a thesis for CERN (European Organization for Nuclear Research) that measured the effectiveness and efficiency of web security methodologies and techniques for their web applications by employing EAST (Extensible Agile Security Testing) on their test-subject web applications and closely monitoring older security methodology techniques versus newer ones through two iterations of each of the respective old and new techniques.

Web Application Security Testing


.. is it that hard to integrate security into SDLC?

Web applications (useful applications that can be served in Web 2.0/3.0) today are rich and serve an intended purpose, be it running an e-commerce website or hosting a collaborative API to re-create something useful from new ideas, for people and by the people. It's completely safe to assume that web applications should have a generic SDLC (software development life cycle or system development life cycle) comparable to that of software (as in thick clients), and not surprisingly, they do!

Economics of Web Application Security


and the following isn’t discouraging!

Here's why software security will always be a growing concern for leading technologies as well as for those who depend on them, e.g. corporations, companies, industry, small-scale businesses and, at a personal level, social sites too. What we are talking about here isn't a set of standard de-facto technology; what we are talking about is the economics of web application software and its technologies, and how they can be measured in order to provide a continuous flow of quality in security.

Driving-By Dirty Octopress


and getting started with Octopress 2.0!

If you drove off here to learn about the Octopress framework and get started rapidly within an hour, this could be your best bet; otherwise you could always research and end up in a thousand more blogs, landing on the same thing, except only after having lost hours linking one solution to another problem and vice versa.

Introduction


Readers,

It's been a while since I started moving my old blog at pwntoken.wordpress.com to Octopress. I chose Octopress over WordPress because of the functionality, the learning experience for new-age hackers, and the speed. Along with the added repository at GitHub, I settled on making this one available to the public through GitHub's site publishing service (GitHub Pages).

Here are a couple of pointers I would like to add to this introductory post on what this blog will essentially be about:

  • computer science
  • information security research
  • web application security research
  • network infrastructure security research

A couple of other posts could make it out here. To get an overall abstract of the posts, it's recommended to take note of the category section and then click on the link for your subject of interest. The sole purpose of this blog is to serve as personal research tracking for myself and to keep a regular note of the information security sciences for analytical study of their development in the past, present, recent and future times; however, the informational repository collected here may be used to incorporate working knowledge into practical measures, provided original credits are included, and the outcome of any code mentioned or copied herein does not hold its authors accountable.

I hope readers will find this blog informative and updated from time to time, and that it will be a good resource overall for the information security community. I look forward to any feedback. Time to get back to the originals.

Update: Please keep referencing this; it might be very useful from time to time ..

- [How to set up an Octopress cloned blog and keep accessing it from different machines, plus the basic workings of Octopress](http://blog.zerosharp.com/clone-your-octopress-to-blog-from-two-places/)

Regards,
Shritam Bhowmick,
Independent Security Consultant