Re: eBanking Security Testing (network and application) Methodology Released

[Yuri Demchenko <demch () chello nl>]

cbc wrote:
> Hi All,
>
> Be careful on the whitepapers in this website. They
> are from specific vendors and not from third
> independant party. The words they used are skewed
> towards the spec of their product. Be intelligent
> folks!!
>
In contrary, I would say rather few good words in address of this 
whitepaper together with some remarks.

Actually it's a good overview of some tools and techniques for general 
network diagnostics that can be used for security testing and 
post-incident investigation for application specific _network_ 
infrastructure.

IMHO, the paper should be structured in another way to become more 
specific for ebanking whatever is understood under this term.

Checking picture links at http://www.ebankingsecurity.com/testing9.asp 
and other pages would be useful.

Regards,

Yuri

peter () ebankingsecurity com wrote:

> Hello
>
> A new ebanking security testing methodology has been released on 
> www.ebankingsecurity.com which covers both applications and generic networks. 
>
> This work focuses on practical security testing approaches, and is different from 
> other work in that it covers:
>
> 1. Basic Penetration Testing - the usual stuff here, pretty basic and entry level
> 2. Advanced Penetration Testing - this section goes into detail of advanced TCP/IP 
> protocol and application level attacks, as well as having a ICMP security attacks 
> section.
> 3. Web Application Testing - some useful stuff here, pretty basic I would say for 
> most the list.
>
> Above all the content is practical and relevant to todays ebanking and generic e-
> transactions network.
>
> There is an option on the site to download this as a PDF. 
>
> All comments and feedback are welcome. 
>
> Peter Robinson
> peter () ebankingsecurity com
> http://www.ebankingsecurity.com