Penetration Testing mailing list archives
Re: Pen Testing a C# desktop application with source code
From: "Xman Security" <xmansecurity () gmail com>
Date: Thu, 20 Jul 2006 12:56:27 -0700
Hi, Have you perform any pen-tests agains those Intranet web services? This looks like another weak point for me. Some areas might be interesting to try are: How this desktop application authenticate to the web services? Is there any sensitive information such as passwords and keys in the desktop application source code or compiled binaries. Are there any high privileged web methods (admin functions) available on these services? How does the web services implements access control? Is there any XML injection related issues in web services? How about SQL injection through web services? Is it possible to intercept and forge results from the web services to manipulate the behaviors of the desktop application? How is the communcation between the desktop application and the web services protected? To modify HTTP headers, the best document would be HTTP protocol RFC. If it is web services, you might be interested to look at SOAP over HTTP documents. There are other tools such as burpproxy and webscrab from OWASP can help modifying HTTP requests as well. Hope this is helpful, Regards, -Xiaoyong On 7/19/06, 3 shool <3shool () gmail com> wrote:
Hello Satya, Since it is desktop application without any webserver I think XSS would not be applicable here. We already tried SQL injection and Blind SQL Injection also. The application is robust at least against SQL injection. I am using Proxy for Input Validation but not found any medium or high risk vulnerabilities till now.. only 2 low risk vulnerabilities are discovered till now. Does anybody know a good document on modifying HTTP Referrer and other headers? Thats one area untested. The application contacts Intranet webserver for some web services. I will find a few other things meanwhile. PLease let me know in case you are knowing other points or things that I can look for. Thanx Satyashil. On 7/19/06, satyashil rane <satyashil.rane () gmail com> wrote: > Hi > > As you mentioned, code is available with you. You can test following things. > > SQL injection > Cross-site scripting > Input/data validation > Authentication > Authorization > Sensitive data > Code access security > Exception management > Data access > Cryptography > Unsafe and unmanaged code use > Configuration > Threading > Undocumented public interfaces To perform above checks read following > article. > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000027.asp > > Satya > Information Security Consultant > MIEL e-Security Pvt. Ltd. > India > > > On 7/19/06, 3 shool < 3shool () gmail com> wrote: > > > Hello All, > > I am penetration testing a C# (.Net) desktop application with SQL > server as the backend. The source code of the application is also made > available to me. Here is what I have done till now: > > 1. Scanned using Nessus and found that application doesn't have any > services running. It just uses Internet for some services and central > database for storage. > > 2. I used Application Proxy to intercept communications to see if > anything was suspicious but couldn't find anytrhing. > > 3. I didn't try Buffer Overflow attacks as it is secured by .Net itself. > > 4. I know the backend API's but what can be done with those? > > 5. I tried SQL injection but it seems to be protected even for blind > sql injection. > > Till now I haven't found any vulnerability. Any idea what more can I > do? Any other techniques? Any docs? > > Looking for some help from you guys. > > Thanx. > > ------------------------------------------------------------------------------ > This List Sponsored by: Cenzic > > Concerned about Web Application Security? > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's > Choice Award from eWeek. As attacks through web applications continue to > rise, > you need to proactively protect your applications from hackers. Cenzic has > the > most comprehensive solutions to meet your application security penetration > testing and vulnerability management needs. You have an option to go with a > managed service (Cenzic ClickToSecure) or an enterprise software > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can > help you: http://www.cenzic.com/news_events/wpappsec.php > And, now for a limited time we can do a FREE audit for you to confirm your > results from other product. Contact us at request () cenzic com for details. > ------------------------------------------------------------------------------ > > > ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Pen Testing a C# desktop application with source code 3 shool (Jul 18)
- Message not available
- Re: Pen Testing a C# desktop application with source code 3 shool (Jul 18)
- Re: Pen Testing a C# desktop application with source code Jeffrey Rivero (Jul 19)
- Re: Pen Testing a C# desktop application with source code 3 shool (Jul 18)
- Message not available
- Message not available
- Re: Pen Testing a C# desktop application with source code 3 shool (Jul 19)
- Re: Pen Testing a C# desktop application with source code Xman Security (Jul 20)
- Re: Pen Testing a C# desktop application with source code 3 shool (Jul 19)