Thursday, December 12, 2013

INFOCOM 2013 A Report...

A day I met many people including Mr. Surit Doss, who is among the few stalwarts at ABP. His articles are always inspiring to all who read them. My talk was on "Current and Future trends and Challenges on Cyber Security" and it was my pleasure to share the platform with Mr. Jotirmoyda. I hope I lived up to the expectations of the audience.

Friday, July 19, 2013

Web Application Penetration Testing Tools

Posted by Tab Pierce on Wed, May 29, 2013 @ 04:19 PM


As an information security consulting firm, we’re often asked what kinds of web application penetration testing tools are available. For clarification, we’re not talking about ‘tools’ as in people. We understand the confusion, because there are a fair number of web application testing ‘tools’ out there. But these are some of the web application penetration testing tools we like, along with the in-house ones we use (which are not listed here).

Burp

From the people at Portswigger, we bring you the free version of the Burp Suite, which is an integrated platform for testing web applications. We’re big fans of Burp, which we use for everything from mapping to analysis of an application’s attack surface so we can better discover exploitable vulnerabilities. Key features of Burp include (as noted from Portswigger’s website):
  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application
  • An application-aware Spider, for crawling content and functionality
  • A Repeater tool, for manipulating and resending individual requests
  • A Sequencer tool, for testing the randomness of session tokens
Even the full version is affordable at $299.00 annually.

Arachni

Arachni is another one of our favorites. It’s an open source web application testing tool that is not only built on a Ruby framework, but is rich in features as well. It is also extremely versatile, with uses ranging from a simple command line scanner to a global high performance grid of scanners, as well as a Ruby library that allows for scripted audits. Arachni also has a web user interface that allows multiple users to perform and manage multiple scans, which supports collaborative efforts between users to share scans and any issues they might have logged. This makes it a simple method for distributing a workload of many scans across a pool of dispatchers. One other very handy feature of Arachni is that it trains itself by learning from the HTTP responses it receives during the audit process and is capable of performing meta-analysis using a number of factors to correctly assess the trustworthiness of results and intelligently identify false positives.

OWASP Zed Attack Proxy Project

The Zed Attack Proxy (ZAP) is an easy-to-use program that can be used effectively by anyone with little or lots of prior security knowledge, including those who are new to penetration testing tools. But don’t assume that ZAP is merely a low-level product. It is robust enough to be utilized by even the most experienced testers. One of ZAP’s primary uses is automated scanning, and it comes with tools that assist in manual vulnerability searches. It’s designed to be a simple, integrated penetration testing tool for finding vulnerabilities in web applications.

Tuesday, February 5, 2013

UML Notes

Links to UML PDF:

https://docs.google.com/file/d/0B-n1lqqGWToXbFRFWmZmNFpSYUE/edit?usp=sharing

https://docs.google.com/file/d/0B-n1lqqGWToXeEU4b3RmRlFWQTQ/edit?usp=sharing

Wednesday, June 6, 2012

Transit of Venus

credits: Michel Breitfellner and Miguel Perez Ayucar/ESAC

Thursday, May 17, 2012

3rd International Conference

Technical and Managerial Innovation in Computing and Communications in Industry and Academia

Venue : Science City, Kolkata
Date : 18th -19th August, 2012
Conference URL: www.iem.edu.in/conference

Theme of the Conference
Innovative Ideas in National Skill Development vis-à-vis International Scenario

Innovative ideas in bridging skill gap and providing trained manpower to various diversified service sectors of the country are the need of the hour. These may be achieved through various national skill development programs and job oriented structured courses that strive towards building a formidable work force of international quality and standard in IT, ITES, Telecom, Finance, Banking, Retail, Manufacturing, Insurance, Infrastructure industries and the like that use technical and managerial approaches.

Innovation is the creation of better or more effective products, processes, services, technologies, or ideas that are accepted by markets, governments, and society. Innovation differs from invention in that innovation refers to the use of a new idea or method, whereas invention refers more directly to the creation of the idea or method itself.

Innovation matters. It is a key characteristic associated with the success of any society. Innovation is exploring new ideas based on existing technologies. The continuous improvement and advancement of previously known technologies can result in developing new products, processes and systems which improve the quality of life for society as a whole.

Managing innovation consists of:
Identifying the opportunity for innovation
Setting the objectives and benefits
Background research and generating creative idea(s)
Feasibility and risk factors analysis
Design, development, prototypes and testing
Policies and strategies of new procedures and managements
Market research and analysis
Implementation

For organizations that are competing globally, innovation is the key to survival. Technological innovation requires a change in processes and how companies do business. As an example, the manufacturing industry has been changing radically in order to reduce costs and waste, increase variety and improve productivity. Technological innovation is a must to maintain global competitiveness.

Important Dates
Paper Submission: 15th June, 2012
Acceptance Notification: 7th July, 2012
Camera Ready Paper Submission: 15th July, 2012

Paper Submission Link: https://www.easychair.org/account/signin.cgi?conf=tmiccia2012