Security Basics mailing list archives
Re: Basic security tests for web management application
From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Fri, 18 Apr 2008 11:36:32 +0300
Hi.

IMHO you should check these things, which are suitable for most applications:

- if the web server itself has vulnerabilities; the quickest way is to scan it with nikto and nessus
- check if it is possible to make actions without authorization; the quickest way is to record admin actions with Paros and replay them with the session id of an ordinary user or just without a session id
- check CSRF in a similar way
- check the inputs for SQL injection (" and '), XSS (",',<,>)

2008/4/17, Ishay <ishaybs () gmail com>:

> Hello list,
>
> Our product's management is done via WEB application. The first page of the WEB application is a login page. I am wondering what basic security tests (pen tests?) I need to do and what tools should I use. I will appreciate your help with it.
>
> Thanks,
> Ishay

--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
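The replay check from the second item of the message above (record admin actions, then replay them with an ordinary user's session id or with none), as an added example that is not part of the original post. The demo server, its two routes and the session ids are constructed for illustration and stand in for a proxy recording of your own application.

```python
import http.client, http.server, threading

# Constructed demo target: session ids and routes are made up for this example.
SESSIONS = {"sid-admin": "admin", "sid-user": "user"}

class DemoApp(http.server.BaseHTTPRequestHandler):
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("session=")[2]
        role, ok = SESSIONS.get(sid), False
        if self.path == "/admin/reboot":        # correct: the role is checked
            ok = role == "admin"
        elif self.path == "/admin/add_user":    # flawed: any valid session passes
            ok = role is not None
        self.send_response(200 if ok else 403)
        self.end_headers()
    def log_message(self, *args):               # silence per-request logging
        pass

def replay(host, port, path, body, session):
    """Re-send one recorded admin request with the given session id (or none)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    headers = {"Cookie": "session=" + session} if session else {}
    conn.request("POST", path, body=body, headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status

def audit(host, port, recorded, admin_sid, user_sid):
    """Return (path, identity) pairs where a non-admin replay was accepted."""
    findings = []
    for path, body in recorded:
        if replay(host, port, path, body, admin_sid) != 200:
            continue                            # stale recording, nothing to compare
        for identity, sid in (("ordinary user", user_sid), ("no session", None)):
            if 200 <= replay(host, port, path, body, sid) < 300:
                findings.append((path, identity))
    return findings

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    recorded = [("/admin/reboot", b"now=1"), ("/admin/add_user", b"name=bob")]
    try:
        return audit("127.0.0.1", server.server_port, recorded, "sid-admin", "sid-user")
    finally:
        server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

Each finding names an admin action that the server accepted from a lower-privileged or anonymous caller, which is the place to add the missing server-side role check.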