Re: Pen Testing a C# desktop application with source code

["3 shool" <3shool () gmail com>]

Hello Satya,

Since it is desktop application without any webserver I think XSS
would not be applicable here. We already tried SQL injection and Blind
SQL Injection also. The application is robust at least against SQL
injection. I am using Proxy for Input Validation but not found any
medium or high risk vulnerabilities till now.. only 2 low risk
vulnerabilities are discovered till now.

Does anybody know a good document on modifying HTTP Referrer and other
headers? Thats one area untested. The application contacts Intranet
webserver for some web services.

I will find a few other things meanwhile.

PLease let me know in case you are knowing other points or things that
I can look for.

Thanx Satyashil.

On 7/19/06, satyashil rane <satyashil.rane () gmail com> wrote:
> Hi
>
> As you mentioned, code is available with you. You can test following things.
>
> SQL injection
> Cross-site scripting
> Input/data validation
> Authentication
> Authorization
> Sensitive data
> Code access security
> Exception management
> Data access
> Cryptography
> Unsafe and unmanaged code use
> Configuration
> Threading
> Undocumented public interfaces To perform above checks read following
> article.
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000027.asp
>
> Satya
> Information Security Consultant
> MIEL  e-Security Pvt. Ltd.
> India
>
>
> On 7/19/06, 3 shool < 3shool () gmail com> wrote:
> >
> Hello All,
>
> I am penetration testing a C# (.Net) desktop application with SQL
> server as the backend. The source code of the application is also made
> available to me. Here is what I have done till now:
>
> 1. Scanned using Nessus and found that application doesn't have any
> services running. It just uses Internet for some services and central
> database for storage.
>
> 2. I used Application Proxy to intercept communications to see if
> anything was suspicious but couldn't find anytrhing.
>
> 3. I didn't try Buffer Overflow attacks as it is secured by .Net itself.
>
> 4. I know the backend API's but what can be done with those?
>
> 5. I tried SQL injection but it seems to be protected even for blind
> sql injection.
>
> Till now I haven't found any vulnerability. Any idea what more can I
> do? Any other techniques? Any docs?
>
> Looking for some help from you guys.
>
> Thanx.
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to
> rise,
> you need to proactively protect your applications from hackers. Cenzic has
> the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------