Android  is a Linux based operating system, developed by Google. Like the other Linux OS that very advance in the security (such as Backtrack Linux), we can change an Android smartphone into a pentest tool or a network analysis device. Android pentest has two different ways to try it, first install a Linux distro plus installed network penetration testing tools like my post before (Install Backtrack on Android) or transform the Android smartphone to pen-testing device so we can use it as Android pentest. In this post I will use the last option, change Android device become pen-testing device (Android Pentest).

Penetration testing is a legal and authorized attempt to exploit computer systems for the purpose of making the computer systems more secure. This Backtrack Penetration Testing Tutorial is a penetration testing tutorial using Backtrack Linux. Backtrack is the best penetration testing distribution. Offers some penetration testing programs and these programs will used in this Backtrack Penetration Testing Tutorial. The results of penetration testing are addressing the vulnerabilities in the computer system and also particular recommendations for fixing the vulnerabilities. Penetration testing is used to protect the computer systems and networks from attackers (Black Hat Hacker).

Hacker can gather lots of information just by identifying a domain name of the website. Yes you are right, Information Gathering Using Domain Name. Domain name is a system where we provide a hostname which is automatically converted into the real IP address, so people don’t need remember the IP address, just the domain name or DNS address. When gathering information from a domain name, the first thing need to do is WHOIS. A domain name stores the information about the registered user of domain name itself, IP address, IP address range, and etc. Not only that, with WHOIS we can get the information about domain’s registrant, his contacts, his address, when the domain will expire, etc.

Backtrack is a most popular Linux distribution used for Penetration testing and Security Auditing. Now the latest Backtrack version is Backtrack 5 R3 with some new features. A lot of hacker use Backtrack as their Operating System. I think this is the best operating system for hacker. Backtrack is a Linux so if you want learn using Backtrack be sure you learn the command line of linux. There are many tools in Backtrack, there are penetration tools, information gathering tools, forensics tools, and other powerful tools (about 360 tools).

There are lots of vulnerabilities in the web applications today. One of the most popular web application vulnerability is Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) is one of the top 10 Web Application Security Risks for 2010 by OWASP. So what is Cross-Site Scripting (XSS)?  Cross-Site Scripting (XSS) is one of the injection technique, like sql injection. But Cross-Site Scripting (XSS) injects a malicious scripts like VB, JS, etc. The malicious scripts are injected into a trusted web site.