Any security evaluation involves three components:

* Preparation: In this phase, a formal contract is signed between an ethical hacker and the authority of the organization that contains a non-disclosure clause as well as a legal clause to protect the ethical hacker against any prosecution that he may face during the conduct phase. The contract also outlines the infrastructure perimeter, evaluation activities, time schedules, and resources available to him.
* Conduct: In this phase, the evaluation technical report is prepared based on testing potential vulnerabilities.
* Conclusion: In this phase, the results of the evaluation are communicated to the organization and corrective advice/action, if needed, is taken.

Explore More

EC-Council Launches Center for Advanced Security Training (CAST)

EC-Council Launches Center for Advanced Security Training (CAST) to Address the Growing Need for Advanced Information Security Knowledge Mar 9, 2011, Albuquerque, NM – According to the report, Commission on

Bruter version 1.0

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety

Selection of tools to automate an attack SQL Injection

sqlmap (http://sqlmap.sourceforge.net/) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase. SQL Power Injector (http://www.sqlpowerinjector.com/) Implemented support for: Microsoft SQL Server,