PaulDotCom mailing list archives
Re: Non-Web Application Testing
From: Matt Nels <mattnels () gmail com>
Date: Thu, 2 May 2013 11:30:20 -0500
Client side can be interesting, if you are just curious and playing around. Think tools like APIMonitor, Procmon, or oSpy... along those lines can help in inspecting/analysis. OllyDbg, BinNavi, IDA, or Immunity Debugger can be used for inspecting deeper. Like Jim said, you can take it pretty far...

On Thu, May 2, 2013 at 2:23 AM, Jim Halfpenny <jim.halfpenny () gmail com> wrote:

> Where to begin. Imagine all of the attack vectors and there is heaps of info out there on each one.
>
> How does the client store configuration data?
> What's hard coded into the program itself (strings -a client.exe)?
> Do you have the source code?
> Is data secure in transit?
> Where are trust and privilege defined and enforced?
> Is there SQL code embedded in the client?
> What DLLs is it loading?
>
> You could cover everything from code review and static analysis to reverse engineering. Look up all of those topics, no one vector is the be all and end all. Combined together the body of knowledge allows you to build attacks like Lego and get further than any one topic will take you.
>
> Regards,
> Jim
>
> On 2 May 2013 00:57, Ryan B <broadydownunder () gmail com> wrote:
>
>> Hey Guys,
>>
>> Can anyone provide some good resources to learn more about Application Security Testing? This is more the old Client/Server Applications such as front-end Application (C#, C++, VB) and a Database Server back-end (Oracle, MSSQL).
>>
>> Things I can think of off the top of my head are traffic analysis, connect strings in config files and vulnerability scanning the database server.
>>
>> If you have any resources or software recommendations I can learn more from, that would be awesome.
>>
>> Cheers
>> Ryan
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom () mail pauldotcom com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
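Jim's questions about what is hard coded into the client (strings -a client.exe, embedded SQL) and Ryan's point about connect strings, as an added example that is not part of the original thread: a Python script for auditing a client binary you are responsible for. It goes one step beyond plain ASCII string extraction by also reading UTF-16LE runs, which is how C#/VB.NET string literals are stored; the rule patterns and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

MIN_LEN = 6  # minimum run length, same idea as `strings -n 6`
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# UTF-16LE: printable byte followed by NUL (.NET string literals look like this)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Hypothetical rule set (an assumption of this example); tune it for the client under review.
RULES = {
    "connection-string": re.compile(r"(?i)\b(?:data source|server)\s*=[^;]+;"),
    "embedded-credential": re.compile(r"(?i)\b(?:password|pwd)\s*=\s*[^;\s]+"),
    "embedded-sql": re.compile(
        r"(?i)\b(?:select\s.+?\sfrom\s|insert\s+into\s|update\s.+?\sset\s|delete\s+from\s)"),
}

def extract_strings(data: bytes):
    """Yield (offset, text) for every ASCII and UTF-16LE printable run."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), m.group().decode("utf-16-le")

def audit(data: bytes):
    """Return sorted (offset, rule, text) findings for a reviewer to triage."""
    findings = []
    for offset, text in extract_strings(data):
        for rule, pattern in RULES.items():
            if pattern.search(text):
                findings.append((offset, rule, text))
    return sorted(findings)

# Constructed sample standing in for a client binary; not taken from any real program.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"Server=db01;Database=orders;User Id=app;Password=ExamplePw1;\x00"
    + b"\x01\x02"
    + "SELECT name FROM customers WHERE id = ".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
    + b"kernel32.dll\x00"
)

if __name__ == "__main__":
    # Pass a file path to audit it; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, rule, text in audit(blob):
        print(f"0x{offset:08x}  {rule:<20} {text}")
```

The SQL fragment in the sample is only found through the UTF-16LE pass; an ASCII-only scan of a .NET client would miss it. Anything reported under embedded-credential is a secret that every user of the client can recover, so it should be moved server-side or rotated.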
Current thread:
- Non-Web Application Testing Ryan B (May 01)
- Re: Non-Web Application Testing Jim Halfpenny (May 02)
- Re: Non-Web Application Testing Matt Nels (May 02)
- Re: Non-Web Application Testing Spectre 03 (May 02)
- Re: Non-Web Application Testing Jim Halfpenny (May 02)