
1) 2-3 years of experience in information technology or security
2) Strong communication skills, both written and oral
3) Excellent system analysis techniques and analytical skills required
4) Professional security-related qualification (e.g. GCIH, CEH, ECSA) will be an advantage
5) Good technical knowledge of information security and network security required (e.g. firewalls, IDS, IPS, VPN, TCP/IP protocols)
6) Knowledge of attack anatomy and of the incident response lifecycle
7) Passion for identifying security weaknesses across a variety of computer systems


What is a vulnerability?
API Abuse
Authentication Vulnerability
Authorization Vulnerability
Availability Vulnerability
Code Permission Vulnerability
Code Quality Vulnerability
Configuration Vulnerability
Cryptographic Vulnerability
Encoding Vulnerability
Environmental Vulnerability
Error Handling Vulnerability
General Logic Error Vulnerability
Input Validation Vulnerability
Logging and Auditing Vulnerability
Password Management Vulnerability
Path Vulnerability
Protocol Errors
Range and Type Error Vulnerability
Sensitive Data Protection Vulnerability
Session Management Vulnerability
Synchronization and Timing Vulnerability
Unsafe Mobile Code
Use of Dangerous API

A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. The term "vulnerability" is often used very loosely. However, here we need to distinguish threats, attacks, and countermeasures.

Cryptographic Vulnerability
This category is for tagging vulnerabilities that relate to cryptographic modules.

Examples

- Algorithm problems
  - Insecure algorithm
    - Use of algorithms that are proven flawed or weak (DES, 3DES, MD5, SHA-1, AES, Blowfish, Diffie-Hellman)
  - Choosing the wrong algorithm
    - Using a hash function for encryption
    - Using an encryption algorithm for hashing
  - Inappropriate use of an algorithm
    - Using insecure encryption modes (DES ECB)
    - Initialization vector (IV) is not random
  - Implementation errors
    - Using non-standard (home-grown) algorithms
    - Using non-standard cryptographic implementations/libraries
- Key management problems
  - Weak keys
    - Too short or not random enough
    - Using human-chosen passwords as cryptographic keys
  - Key disclosure
    - Keys not encrypted during storage or transmission
    - Keys not cleaned from memory appropriately after use
    - Keys hard-coded in the code or stored in configuration files
  - Key updates
    - Keys allowed to age without rotation
- Random number generator (RNG) problems
  - Poor random number generators (C: rand(), Java: java.util.Random)
  - Forgetting to seed the random number generator
  - Using the same seed for the random number generator every time
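The key management and RNG items above are easiest to recognise when the weak pattern sits next to the sound one. The following is an added example written for these notes, not code from the notes or from OWASP; it uses only the Python standard library. The 16-byte minimum key length, the 600,000 PBKDF2 iteration count and the sample password are assumptions chosen for the illustration.

```python
"""Added example (not from the original notes): key material and RNG pitfalls.

Each weak function below corresponds to an item in the list above and is
paired with the sound practice:
  * a general-purpose PRNG (random.Random) seeded with a fixed value
    versus the OS CSPRNG exposed by the secrets module;
  * a human-chosen password used directly as a key versus a key derived
    with PBKDF2-HMAC-SHA256 and a random salt;
  * key bytes left behind in memory versus a bytearray zeroed after use.
"""
import hashlib
import random
import secrets

KEY_LEN = 16  # 128-bit key; assumed minimum for this example


def key_from_seeded_prng(seed: int, length: int = KEY_LEN) -> bytes:
    """WEAK: random.Random is a Mersenne Twister, not a CSPRNG, and a fixed
    seed makes every "key" it produces fully reproducible."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def key_from_password_directly(password: str, length: int = KEY_LEN) -> bytes:
    """WEAK: pads/truncates a human-chosen password into a key. The key has
    only as much entropy as the password, usually far below 128 bits."""
    return password.encode("utf-8")[:length].ljust(length, b"\x00")


def key_from_csprng(length: int = KEY_LEN) -> bytes:
    """SOUND: secrets draws from the operating system CSPRNG; no seeding."""
    return secrets.token_bytes(length)


def key_from_password_kdf(password: str, salt: bytes,
                          iterations: int = 600_000,
                          length: int = KEY_LEN) -> bytes:
    """SOUND: a password goes through a slow, salted KDF before it is used as
    key material. The salt is fresh random bytes stored beside the ciphertext;
    the iteration count is what makes guessing the password expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, length)


def key_is_reproducible(make_key, *args) -> bool:
    """Check: calling the generator twice with the same inputs yields the same
    key. True for a fixed-seed PRNG or a raw password, False for a CSPRNG."""
    return make_key(*args) == make_key(*args)


def audit_key(key: bytes, min_len: int = KEY_LEN) -> list:
    """Simple review checks for the 'weak keys' item: too short, or looking
    like padded text rather than random bytes."""
    findings = []
    if len(key) < min_len:
        findings.append(f"key too short: {len(key)} bytes, need {min_len}")
    body = key.rstrip(b"\x00")
    if body and all(32 <= b <= 126 for b in body):
        findings.append("looks like a human-chosen password, not random key material")
    return findings


def wipe_key(key: bytearray) -> None:
    """Overwrite key bytes in place once they are no longer needed. bytes
    objects are immutable and cannot be wiped, so keys that must be cleaned
    should be held in a bytearray."""
    for i in range(len(key)):
        key[i] = 0


if __name__ == "__main__":
    print("seeded PRNG reproducible:", key_is_reproducible(key_from_seeded_prng, 42))
    print("raw password reproducible:", key_is_reproducible(key_from_password_directly, "hunter2"))
    print("CSPRNG reproducible:", key_is_reproducible(key_from_csprng))
    print("audit of raw password key:", audit_key(key_from_password_directly("hunter2")))
    salt = secrets.token_bytes(16)  # stored alongside the ciphertext
    print("derived key:", key_from_password_kdf("hunter2", salt).hex())
    k = bytearray(key_from_csprng())
    wipe_key(k)
    print("wiped:", k == bytearray(KEY_LEN))
```

The reproducibility check is the quickest way to spot the "same seed every time" problem in a code review: if a key generator can be called twice and return identical bytes, the secret is the seed, not the key. The audit function is a heuristic only; a short or text-like key is certainly weak, but passing it does not prove a key is random.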

Sniffing

Vulnerability scanning tools:

Port scanner (e.g. Nmap)

Network vulnerability scanner (e.g. Nessus, SAINT, OpenVAS)

Web application security scanner (e.g. Nikto, w3af)

Database security scanner (e.g. Scuba database scanner)

Host based vulnerability scanner (Lynis, ovaldi)

ERP security scanner

Single vulnerability tests

Web Application Vulnerability Scanners are automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available, and all these tools have their own strengths and weaknesses.

Category: Vulnerability Scanning Tools


Description
Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is
to extend this listing to provide information about each tool's strengths and weaknesses to enable you to
make an informed decision about the selection of a particular tool to meet your requirements.

Disclaimer: The tools listed in the table below are presented in alphabetical order. OWASP does not endorse any of the vendors or scanning tools by listing them in the table below. We have made every effort to present this information as accurately as possible. If you are the vendor of a tool below and think that this information is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

Tools Listing

| Name                          | Owner                | Licence                                | Platforms                              |
|-------------------------------|----------------------|----------------------------------------|----------------------------------------|
| Acunetix WVS                  | Acunetix             | Commercial / Free (Limited Capability) | Windows                                |
| AppScan                       | IBM                  | Commercial                             | Windows                                |
| AVDS                          | Beyond Security      | Commercial / Free (Limited Capability) | N/A                                    |
| Burp Suite                    | PortSwigger          | Commercial / Free (Limited Capability) | Most platforms supported               |
| Contrast                      | Contrast Security    | Commercial / Free (Limited Capability) | SaaS or On-Premises                    |
| GamaScan                      | GamaSec              | Commercial                             | Windows                                |
| Grabber                       | Romain Gaucher       | Open Source                            | Python 2.4, BeautifulSoup and PyXML    |
| Grendel-Scan                  | David Byrne          | Open Source                            | Windows, Linux and Macintosh           |
| Hailstorm                     | Cenzic               | Commercial                             | Windows                                |
| IKare                         | ITrust               | Commercial                             | N/A                                    |
| N-Stealth                     | N-Stalker            | Commercial                             | Windows                                |
| Netsparker                    | MavitunaSecurity     | Commercial                             | Windows                                |
| NeXpose                       | Rapid7               | Commercial / Free (Limited Capability) | Windows/Linux                          |
| Nikto                         | CIRT                 | Open Source                            | Unix/Linux                             |
| NTOSpider                     | NT OBJECTives        | Commercial                             | Windows                                |
| ParosPro                      | MileSCAN             | Commercial                             | Windows                                |
| Proxy.app                     | Websecurify          | Commercial                             | Macintosh                              |
| QualysGuard                   | Qualys               | Commercial                             | N/A                                    |
| Retina                        | BeyondTrust          | Commercial                             | Windows                                |
| Securus                       | Orvant, Inc          | Commercial                             | N/A                                    |
| Sentinel                      | WhiteHat Security    | Commercial                             | N/A                                    |
| Vega                          | Subgraph             | Open Source                            | Windows, Linux and Macintosh           |
| Wapiti                        | Informática Gesfor   | Open Source                            | Windows, Unix/Linux and Macintosh      |
| WebApp360                     | TripWire             | Commercial                             | Windows                                |
| WebInspect                    | HP                   | Commercial                             | Windows                                |
| SOATest                       | Parasoft             | Commercial                             | Windows / Linux / Solaris              |
| Trustkeeper Scanner           | Trustwave SpiderLabs | Commercial                             | SaaS                                   |
| WebReaver                     | Websecurify          | Commercial                             | Macintosh                              |
| WebScanService                | German Web Security  | Commercial                             | N/A                                    |
| Websecurify Suite             | Websecurify          | Commercial / Free (Limited Capability) | Windows, Linux, Macintosh              |
| Wikto                         | Sensepost            | Open Source                            | Windows                                |
| Xenotix XSS Exploit Framework | OWASP                | Open Source                            | Windows                                |
| Zed Attack Proxy              | OWASP                | Open Source                            | Windows, Unix/Linux and Macintosh      |

Holders of CISSP certifications can earn additional certifications in areas of specialty. There are three possibilities:
1. Information Systems Security Architecture Professional (CISSP-ISSAP)
2. Information Systems Security Engineering Professional (CISSP-ISSEP)
3. Information Systems Security Management Professional (CISSP-ISSMP)

Certification subject matter

The CISSP curriculum covers subject matter in a variety of information security topics.[8] The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy, a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."[9]
The CISSP certification covers the following ten domains:[8][9]
1. Access control
2. Telecommunications and network security
3. Information security governance and risk management
4. Software development security
5. Cryptography
6. Security architecture and design
7. Operations security
8. Business continuity and disaster recovery planning
9. Legal, regulations, investigations and compliance
10. Physical (environmental) security

(ISC)² is now releasing the Third Edition Official Guide to the CISSP CBK one domain at a time on iTunes and for the Kindle.[10] The entire book is also now available in hard copy.
