One of the most common topics of conversations I have with IT auditors and Security Professionals (especially people new to the field) is about ethical hacking and penetration testing.

What most of these individuals fail to realize is that ethical hacking and penetration testing is a highly technical and diverse subject that typically requires subject matter expertise and specific knowledge of known vulnerabilities and exploits. Basically – the hacking game is typically a different game that IT Auditing. That isn’t to say, however, that there is no cross-over or that it isn’t valuable to know the basics.

The guide to follow should provide the IT Auditor or Security Practitioner with the basic skills and vocabulary to move forward in the ethical hacking/penetration testing space.

Table of Contents:

1. Cross Site Scripting (XSS)
2. SQL Injection and Injection Flaws
3. Malicious File Execution

Other Resources:

1. NetSecNow – Video series on ethical hacking and pen test techniques.
2. OWASP – The Open Web Application Security Project Appsec video tutorials.

Note: This guide is a work in progress and we will continue to add to this list.