Penetration Testing mailing list archives
[PEN-TEST] Unlikely Auditing Tool
From: "Gallicchio, Florindo (2007)" <florindo.gallicchio () ESAVIO COM>
Date: Sat, 2 Dec 2000 12:39:13 -0500
Before someone volunteers to tell me that I'm stating the obvious, I'll let you know that I'm probably stating the obvious to some, and not to others! I was doing some routine maintenance on my home computer today when I noticed something interesting in the logs of my Norton Internet Security Family Edition software. The software not only logs the individual sites surfed, but also each individual script that is called. Naturally, the more you allow (Java, active scripting, etc.), the more that will show up in the logs. So, I decided to browse the Web site of a current assessment client, and lo and behold, I found a script that I had not found earlier using other tools (whisker, etc.). Thinking this was a fluke, I browsed another client. Again, I found some scripts that I had already found with whisker and other tools. I could have found (and would have found) these scripts by doing more thorough page source reviews and such, but so far I think I may have found an easier way to at least begin a Web site review. Just browse the client's Web site and click on every link, then check the logs for the scripts that were called up. This is *not*, of course, the only means of profiling a Web site, but it just may be a good first start. Florindo Florindo Gallicchio VP, Business Development, Information Security esavio florindo.gallicchio () esavio com
Current thread:
- [PEN-TEST] Unlikely Auditing Tool Gallicchio, Florindo (2007) (Dec 03)