September 10, 2020 | Tools & Templates | Penetration Testing and Red Teaming | By Joff Thyer, IANS Faculty
Penetration tests are risk-oriented and consist of activities ranging from vulnerability assessment to post-exploitation. Establishing specific test goals helps ensure the test meets expectations, and these questions should always be addressed during the scoping process.
IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas. In the 8/18/20 Atlanta Virtual Symposium, IANS Faculty member Dave Kennedy provides an overview of how the framework works and then delves into several key areas.
DOM XSS is a variation of cross-site scripting (XSS) that has been a particularly challenging flaw to discover and stop in web applications – until now. This report explains what DOM XSS attacks are and explores some mechanisms and tools to find and test for DOM XSS security flaws more effectively.