A practical approach
Product security is more than running code scanning tools and facilitating pentests. Yet that’s what many security teams focus on. Secure coding is not a standalone discipline, it’s about developing systems that are safe. It starts with organisational culture, embedding the right behaviours and building on existing code quality practices.
Conducting an awareness training or explaining complex information security concepts can be simplified and made fun through gamification. It is possible to learn more about information security simply by playing card games. Please see below for the three games you can download for free, print and start playing today.
1. Playing with application vulnerabilities
OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic.
2. Playing with threat modelling
Elevation of Privilege (EoP) is the easy way to get started threat modelling, which is a core component of the design phase in the Microsoft Security Development Lifecycle (SDL).
The EoP card game helps clarify the details of threat modelling and examines possible threats to software and computer systems.
The EoP game focuses on the following threats:
An academic-style paper explains the rules motivation and lessons learned in creating the game
3. Playing with privacy
The VOME project created a card game to support the discussion and teaching of issues of online privacy and consent. Players make decisions about what information characters might reveal to others and what they keep to themselves.
According to the authors, the main idea behind the game is to use the rules to model the way that information flows around the online environment. In real life, these flows are complex and often hidden. In the game it is possible simplify the relationships and decisions, and provide immediate feedback on the effects of those decisions
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. The manuals section provides you with simple information in order to get up and running with Back|Track and help with some additional features unique to the suite.
Nmap –free open source tool for network analysis and security audits.
Typical use:
nmap -A -T4 localhost
-A to identify operating system, trace and scan with scripts
-T4 configure time parameters (scale 0 to 5, higher the number – higher the speed)
localhost — target host
You can use “slow comprehensive scan” to get more detailed information pertaining target system
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO –script all localhost
For more information please refer to Nmap Reference Guide
Hydra is a flexible and fast password auditing tool which supports numerous protocols and parallelization.
Nikto – Open Source (GPL) web-scanner. This tool can help you find undeleted scripts (such as test.php, index_.php, etc), database administration utilities ((/phpmyadmin/, /pma, etc) and many more typical errors on target website.
To use simply start with:
/nikto.pl -host localhost
Acunetix – very easy to use web vulnerability scanner. Free version still has great functionality and can help checking web applications for SQL Injection, XSS & other web vulnerabilities
Nessus – very powerful free for home use web-scanner, which helps security auditors identify available running services on target system, check for potential security misconfiguration and many more
To test identified vulnerabilities you can use Metasploit Framework or try to find exploit (on explot search, Explot-db, etc.) and use it manually on your system
The Metasploit Framework helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments./
It is possible to use Nmap to analyze ports, identify services and Metasploit to exploit vulnerabilities depending on service (ssh, ftp, etc.)
Armitage – tool that can help you test network for vulnerabilities. Basically, it is a GUI for Metasploit Framework and Nmap. It visualizes targets, collects data and makes whole process of penetration testing easier
And to test all of these for those of you, who interested in vulnerability analysis, reverse engineering, debugging,, exploit development and privilege escalation, you can refer to Linux hacking challenges. This project has several virtual machines, exercises and manuals to help you improve your skills.
Here are some additional TOP lists of tools for penetration testing
Top 100 Network Security Tools
Top 10 Web Vulnerability Scanners
Top 10 Vulnerability Scanners
OWASP Top 10 Tools and Tactics
Web-based Application Security Scanners
Web Application Security Scanner List by WebAppSec
Cyber Security Leadership 