PaulDotCom mailing list archives

Re: Non-Web Application Testing


From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Thu, 2 May 2013 08:23:21 +0100

Where to begin. Imagine all of the attack vectors and there is heaps of
info out there on each one. How does the client store configuration data?
What's hard coded into the program itself (strings -a client.exe)? Do you
have the source code? Is data secure in transit? Where are trust and
privilege defined and enforced? Is there SQL code embedded in the client?
What DLLs is it loading?

You could cover everything from code review and static analysis to
reverse engineering. Look up all of those topics; no one vector is the
be-all and end-all. Combined together, the body of knowledge allows you to
build attacks like Lego and get further than any one topic will take you.

Regards,
Jim


On 2 May 2013 00:57, Ryan B <broadydownunder () gmail com> wrote:

Hey Guys,

Can anyone provide some good resources to learn more about Application
Security Testing?

This is more the old Client/Server Applications, such as a front-end
Application (C#, C++, VB) and a Database Server back-end (Oracle, MSSQL).

Things I can think of off the top of my head are traffic analysis, connect
strings in config files and vulnerability scanning the database server.

If you have any resources or software recommendations I can learn more
from, that would be awesome.

Cheers

Ryan

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
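
The `strings -a client.exe` check and the questions about connect strings and embedded SQL raised in this thread, as an added example that is not part of either post. It goes beyond plain `strings -a` by also reading UTF-16LE runs, which is how .NET (C#, VB.NET) assemblies store string literals; the sample bytes, rule names and patterns are constructed assumptions for illustration.

```python
import re

# Printable ASCII runs, as `strings -a` reports them, plus the same runs stored
# as UTF-16LE, which is how .NET assemblies keep their string literals.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Review rules (illustrative assumptions, not an exhaustive set).
RULES = {
    "connection-string": re.compile(r"(?i)\b(?:data source|server|initial catalog|database)\s*="),
    "embedded-credential": re.compile(r"(?i)\b(?:password|pwd)\s*=\s*[^;\s]"),
    "embedded-sql": re.compile(r"(?i)\b(?:select\s.+\sfrom|insert\s+into|update\s.+\sset|delete\s+from)\b"),
}

def extract_strings(blob):
    """Yield (offset, encoding, text) for every printable run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def redact(text):
    """Mask password values so the report does not re-leak the secret."""
    return re.sub(r"(?i)\b(password|pwd)(\s*=\s*)[^;]*", r"\1\2<redacted>", text)

def audit(blob):
    """Return sorted findings as (offset, encoding, rule, redacted text)."""
    findings = []
    for offset, enc, text in extract_strings(blob):
        for rule, pattern in RULES.items():
            if pattern.search(text):
                findings.append((offset, enc, rule, redact(text)))
    return sorted(findings)

# Constructed sample standing in for client.exe: one ASCII literal (native
# C++ style) and one UTF-16LE literal (.NET style) between filler bytes.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00"
    + b"SELECT name, salary FROM staff WHERE id = "
    + b"\x00\x01\x02\xff"
    + "Server=db01;Database=hr;User Id=app;Password=Example123;".encode("utf-16-le")
    + b"\x00\x00\xfe"
)

if __name__ == "__main__":
    for offset, enc, rule, text in audit(SAMPLE):
        print(f"0x{offset:04x} {enc:8} {rule:20} {text}")
```

The credential in the sample is only reported by the UTF-16LE pass, so an ASCII-only scan of a C# or VB.NET client would not show it.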
