Summary
We have had a chance to really start building out our test environment, setting up tools such as Kioptrix, pfSense, Mutillidae, HAProxy, and more. Using these tools in our lab helps us to better understand the technology that we are testing. The best penetration testers have significant IT experience, which they are able to leverage both when testing and when explaining the concepts and mitigating controls to their clients.
We have also learned how to use tools such as lbd to determine if a system is being load balanced and Wafw00f to look for web application firewalls. Practice makes perfect, and with that in mind each and every step was defined in such a way that you could follow along and gain confidence with the technology, or just simply refresh your already significant skill set. After all, with so much to remember in the security field it is easy to fall out of practice.
We walked through using the w3af graphical user interface and then followed up with my favorite, which...