Re: Info about attack trees

[Yiannis Koukouras <ikoukouras () gmail com>]

Hi Federico,

I think this will be a good starting point:
http://vulnerabilityassessment.co.uk/Penetration%20Test.html

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras


On Thu, May 24, 2012 at 10:49 PM, Federico De Meo <demeof () gmail com> wrote:
> Hellp everybody, I'm new to this malinglist and to pen-testing.
> I'm here to learn and I'm starting with a question :)
>
> I'm looking for some informations about attack trees usage in web application analysis.
>
> For my master thesis I decided to study the usage of this formalism in order to reppresent attacks to a web 
> applications.
> I need a lot of use cases from which to start learning common attacks which can help building a proper tree.
>
> From where can I start?
>
> I've already read the OWASP top 10 vulnerabilities an I'm familiar with XSS, SQLi, ecc. however I've no clue on how 
> to combine them together in order to perform the steps needed to attack a system. I'm looking for some examples and 
> maybe to some famous attacks from which I can understand which steps are performed and how commons vulnerabilities 
> can being combined together. Any help is really appreciated.
>
>
>
> ------------------------------
> Federico De Meo

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------