Penetration Testing mailing list archives
Re: Reverse proxy pen testing
From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 23 Feb 2009 15:46:37 +0100 (ora solare Europa occidentale)
On Wed, 18 Feb 2009, Gopinath U wrote:
Dear All, I am in need of procedure/tests that need to be carried out/considered during a Penetration testing of Reverse Proxy Server. I had googled a lot and found out very few tests. But still I feel that i've missed out a lot. Could someone please provide me with links/docs or procedures to carry out the same.
The following resources may be of interest: http://www.owasp.org/index.php/Testing_for_infrastructure_configuration_management_(OWASP-CM-003) http://www.isecom.org/mirror/OSSTMM_3.0_LITE.pdf http://www.modsecurity.org/documentation/Web_Application_Firewalls_-_When_Are_They_Useful.pdf http://www.metasploit.org/data/confs/blackhat2007/tactical_paper.pdf http://palisade.plynt.com/issues/2005May/reverse-proxy/ http://www.ists.dartmouth.edu/docs/labtest.pdf Also, these old threads may provide you with some additional ideas: http://seclists.org/pen-test/2007/Jan/0042.html http://seclists.org/pen-test/2007/Jan/0044.html http://seclists.org/pen-test/2007/Jan/0076.html http://seclists.org/pen-test/2007/Jan/0091.html http://seclists.org/pen-test/2005/Mar/0118.html http://seclists.org/pen-test/2005/Mar/0119.html http://seclists.org/pen-test/2004/Dec/0000.html http://seclists.org/pen-test/2002/Jun/0110.html http://seclists.org/pen-test/2002/Jun/0116.html
Thanks in Advance.
Hope this helps, -- Marco Ivaldi, OPST Lead Security Analyst Data Security Division @ Mediaservice.net Srl http://mediaservice.net/
Current thread:
- Reverse proxy pen testing Gopinath U (Feb 18)
- Re: Reverse proxy pen testing Marco Ivaldi (Feb 26)