Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage Penetration Testing Content on InfoQ


RSS Feed
  • AWSGoat Open-Source Project for Pen Testing AWS Cloud Solutions

    AWSGoat is a vulnerable-by-design infrastructure on AWS, featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. It mimics real-world infrastructure with additional flaws and uses a black-box approach, including multiple escalation paths.

  • Remotely Exploitable GlibC DNS Bug Discovered

    A recently discovered buffer overflow in the DNS resolution of GLibC, which has been present since 2008, has the potential to be remotely exploitable and crash a significant number of Linux applications. InfoQ investigates.

  • Security Assessment Techniques: Code Review v Pen Testing

    Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.