We have had a chance to really start building out our test environment and setting up tools such as Kioptrix, pfSense, Mutillidae, HAProxy, and more. Using these tools in our lab helps us to better understand the technology that we are testing. The best penetration testers have significant IT experience, which they are able to leverage both when testing and when explaining the concepts and mitigating controls to their clients.
You also learned how to use tools such as lbd to determine if a system is being load balanced, and wafw00f to look for web application firewalls. Practice makes perfect, and with that in mind, each and every step was defined in such a way that you could follow along and gain confidence with the technology, or just simply refresh your already significant skill set. After all, with so much to remember in the security field, it is easy to fall out of practice.
We walked through using the w3af graphical user interface and then followed up with the w3af console...