How to learn Kali Linux?

I read this a lot on the internet: I’m familiarizing myself with Kali Linux! I want to learn Kali Linux! I’ve already installed Kali – now what? But what is Kali Linux anyway? How to learn Kali Linux? And is it really right for it to be so much in the spotlight? What is …

Which pentest approach is best: whitebox, graybox or blackbox penetration test?

Pentest approaches differ in the amount and detail of the information made available to the penetration tester. Three variants can be distinguished: whitebox, graybox and blackbox pentesting. The blackbox pentest corresponds pretty closely to the information base of a typical external attacker over the Internet. He only …

Penetration test requirements for sports betting licences by the Darmstadt regional council

In addition to an ISO 27001 certification, regular penetration tests of sports betting portals must be carried out for the sports betting licence by the Darmstadt regional council. The pen tests must be carried out according to the OWASP Testing Guide or the OWASP Testing Guide for web services. The penetration tester must be independent …

How much does a penetration test cost?

The costs of a penetration test depend on the time spent and the daily rate of the penetration tester. The daily rates for penetration testers are above average and range between €1,200 and €2,000, provided it is a reputable service provider for penetration tests. Lower daily rates usually indicate that the respective provider is trying …

What is a penetration test?

A penetration test is basically a structured attack on a company’s IT infrastructure. During this, a penetration tester uses the same tools and techniques that a hacker uses in his attack. However, the objective differs between a malicious hacker and a professional penetration tester. A hacker usually tries to hack a company in order to …

KRITIS penetration test: requirements of the German BSI law

Penetration tests are mandatory for operators of critical infrastructures. In the BSI law under paragraph “8a Security in the information technology of critical infrastructures”, companies are obliged to take appropriate organizational and technical measures to protect their critical infrastructure. The actual law is typically general and abstract. The wording itself does not require penetration tests …