arD3n7 works for a leading IT company and is deeply passionate about information security. As a researcher, arD3n7 loves anything and everything related to penetration testing.

GDS Burp API – Part I

Introduction In my previous article, I discussed the importance of Python and how we can utilize it to fill the gaps created by commercial scanners, thus imp

Python for Web application security professionals

Introduction: Python is an open source, interactive, object oriented programming language. It's very easy to learn and an extremely powerful high level langu

Vulnerability Assessment of SNMP Service – Part 4

Background: This is the fourth article on vulnerability assessment of SNMP service. So far we've covered the basics, discovery, and data extraction using va

Vulnerability Assessment of SNMP Service – II

Background: This is our second article in a series on vulnerability assessment of SNMP Service. In the previous article, we learned how we could set up a SN

Vulnerability Assessment of SNMP Service – I

Background: This is the first article out of a series of articles that I am planning to write on vulnerability assessment of SNMP Service. SNMP – also known

Running Metasploitable2 on virtualBox

Metasploitable is a Linux-based vulnerable virtual machine. It is designed especially for people interested in learning system exploitation. Rapid7 maintains

Embedding Security in Procurement Process & Vendor Contracts – Part 2

Background: In the previous article, we've covered how to implement security in procurement process and vendor contracts. There are 3 different aspects to m

Embedding Security in Procurement Process and Vendor Contracts

Background: Every organization has a procurement process. Some of the software products acquired by an organization are COTS (Commercial off The Shelf) Solu

An Introduction to Data Masking

Background: Dealing with Production Data is a challenge, but most organizations around the world have safeguards in place which secure the production enviro

Building Security in Requirements

Background: Every software application or product is developed based on business expectations. If we want to build a secure product or application, it is ine

Exception management

An organization is a complex structure. We can set up frameworks, lay out processes and chart our policies and procedures to be followed; however, in practic

Introduction to application risk rating & assessment

Understanding today's threat landscape and looking at the pace with which organizations are adopting secure development practices, there seems to be a huge g