The other day this Senior Architect asked me about the relationship between those more technical aspects of security ... and whatever it is I think I did?
A very good question that - if poorly framed, yeah? Anyways, always ready to prove my superiority over a 'mere' architect, I gave him the following:
'Think of technology as the engine of information security? It has lots of moving parts, thingies going up and down; it's constantly being improved, updated and uprated - and it's always striving to drive information security forward...'
Welcome ladies and gentlemen, boys and girls to the first newsletter for in2securITy. A handy recap on all that has been going in the world of in2securITy and IT security in NZ.
In this issue:
* Auckland Social and Networking Event 15th March 2012 - Everyone welcome!
* Mentor Applications Open – 2nd April 2012
* Wellington Social/Hands on Event planned for 30th April/1st May
* Stanford University launch their free online Cryptography course - 12th March 2012
Stanford University (one of the most prestigious educational establishments in America) have started to offer free, online, university level courses in interesting technical subjects.
On Monday 12th March 2012, their 'Introduction to Cryptography' course commences.
Cryptography is one of the aspects of security that can seem the most daunting, particularly for those of us with less Mathematical prowess.
This course is an excellent chance to get some great training, from a world class institution - for free.
If you are a software developer you have probably attempted to at write at least one web based application at some point or other. The growth of the Internet, combined with the move towards high availability, platform agnostic tools means that the web has become the de-facto place to develop tools,per connect with an audience and to share information.
I am a firm believer that it doesn’t matter what language you decide to write your web applications in. As long as it meets your objectives and can be maintained and understood without sacrificing poultry to an un-named god (here’s looking at you Perl developers) it’s all good.
Ladies and Gents I am pleased to announce that next Thursday (15th March 2012) is the first Auckland in2securITy social event.
Come along to The Empire (http://g.co/maps/5fq3p) from 18:30 for a drink (doesn't need to be alcoholic if thats not your thing) and get to know some of your fellow participants and professionals.
Everyone welcome and its free to come along. All you need is spending money for drinks.
For more information check out the Upcoming Events page.
Getting a community like this right isn't just about a bunch of existing professionals preaching (though that is something we all enjoy from time to time).
A community project like this is also about the people starting out on their journey and how they get on.
In2securITy is all about providing encouragement, inspiration and education and what better way to do that than share our experiences.
To that end, I would like to introduce Gee.
Hola, I’m Gareth, also known as Gee. I reside in Wellington. I’m a security enthusiast looking to get a start in security.
In the final of these initial theoretical posts, we take a look at the Penetration testers methodology - the framework to which the rest of the tools and techniques covered in this blog will hang.
Though the exact methodology used by a penetration tester may change dependant on personal preference, client agreement or employer standards – all most all penetration test methodologies include the same stages.
Planning and Scoping
As you are all no doubt aware by now, in2securITy is a not-for-profit community run group. We don't sell anything and we have no magical money fairy that can help us pay for useful things (like room hire and hosting). Most of our funding so far has come from personal donations from members of the community.
That's why we are thrilled to announce that two of the most prominent penetration testing and security companies in New Zealand have kindly offered to become our sponsors for 2012-2013.
A common area for confusion for rookie pen testers is the division between ‘Vulnerability Assessments’ and ‘Penetration Tests’ so let’s have a look at these two a little more.