CISSP Official Practice Tests by Mike Chapple, David Seidl


pair programming – performance monitoring 475


path disclosures, 372
payloads, 414
payment card information, 17
PBX systems, 353
  DISA (Direct Inward System Access), 89, 351
  security issues, 93
PCI DSS (Payment Card Industry Data Security Standard), 34, 47, 319, 320, 325, 329, 331, 385
PDF files, 76
PEAP authentication, 93, 100, 353, 357
penetration testing, 129, 130, 133, 140, 147, 232, 279, 375
  aircrack-ng, 130
  application banner information, 232
  ARP data, false, 89
  assessment, 133
  awareness issues and, 214
  crystal box, 418
  discovery phase, 416
  FIN flag, 149
  first steps, 148
  fuzzing tools, 131
  gray box, 131
  information gathering, 226, 416
  Metasploit, 144
  new bugs, 136
  open services, 133
  operating system, 136
  password hashes, 234
  password-cracking, 130
  planning, 380
  PSH flag, 149
  reporting, 150
  reports, 374
  social engineering, 139
  tools, 136–137
  training issues and, 214
  URG flag, 149
  web applications, 197
  web-based systems, 403
performance monitoring, 214

IPsec configuration, 57
speed, 160, 223
TCP traffic, 80
pair programming, 397, 439
palm scans, 368
panel antennas, 433
parabolic antennas, 263, 433
parallel tests, 436
parameter checking, 342
parameterization, 404
parol evidence rule, 412
pass-around reviews, 397
passcards, 116
passive monitoring, 135, 136, 374, 411, 434
passive scanning, 135, 373
passwords, 212
  attacks, 176, 209
  authentication and, 116, 233
  changes, 118
  changing, 245
  cognitives, 262, 301, 433, 451
  complexity, 112, 362
  controls, 243
  credential management and, 285
  e-commerce, 118
  hashed, 114, 306–307, 398
  histories, 425
  Kerberos, 107–108
  number of, 437
  password-cracking, 130
  rainbow table attacks, 56, 211
  requirements, 111
  salting, 439, 444, 454
  self-service password reset tools, 366
  shadowed, 186, 398, 419
  storage, 365
PASTA threat model, 24, 326
PAT (Port Address Translation), 426
patches, 155, 184, 383
  testing, 181
  verification, 274
patents, 13, 319, 323, 416, 424
