WebApp Sec mailing list archives

Purple Paper: Exegesis Of Virtual Hosts Hacking


From: pagvac <unknown.pentester () gmail com>
Date: Thu, 9 Mar 2006 21:00:38 +0000

First paper written on the topic of virtual hosts hacking. It covers
basic skills such as passive discovery techniques and (almost) stealth
active discovery techniques. It also presents possible scenarios of
exploitation.

The message behind this paper is:

- do *not* host your organization's website on your corporate network
- do *not* use shared web hosting

For details on why we recommend the two previous practices, we suggest
reading the paper.

Finally, a survey on UK penetration testing companies is provided, which
shows which companies follow the two previous principles.

Note: the intended audience is *web application penetration testers*.


--
Petko Petkov and pagvac
[www.gnucitizen.org], [www.ikwt.com]
