Abstract

In a penetration test the focus of the tester is usually on the offensive techniques. Passive vulnerability analysis largely looked over as it is not exactly considered as ‘sexy’ like getting a remote command shell or dumping the server-side database. However passive analysis should be an integral part of the security testing process. In this talk you will see how passive analysis can help improve the breadth and depth of your test coverage, the techniques used to perform passive analysis along with live demos