Penetration Testing mailing list archives
Re: A new Start
From: kartsios_list () secureinfohighway com
Date: 21 Jun 2006 16:14:48 -0000
What you are talking about (port 8401 open with telnet access, mysql running and apache with urchin5) could lead you to a penetration testing of the server.. But to perform a penetration test for the web application you must follow a different approach, such as source code auditing, file injection, sql injection etc.. Talking about this could take a lot of space so it is easier to direct you to some papers that already exist on the net and could be a helpfull start for you. Some of them in securityfocus are Common security vulnerabilities in e-commerce systems in www.securityfocus.com/infocus/1775 Penetration testing for web applications part one two and three in www.securityfocus.com/infocus/1704 1709 and 1722 respectively. In addition you can also go for some tools of the trade by the form of freeware or even trial if you want to try them out.. Such tools could be appdetective or similar.. that tests both the application and the db backend.. Now if you want to follow a more hands-on approach, as it concernes DOS attacks or malformed input, sql injection etc. You must identify all input methods to your application and then try input validation on it.(malformed input, too large, too small,not expected input..etc.) Vasilis Kartsios Information Security Analyst _____________________ Secure Information Highway B.Georgiou 20A 55132 Thessaloniki, Greece _____________________ Tel.: +30 (2310)=A0887889 Fax.: +30 (2310)=A0850265 www.secureinfohighway.com ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- A new Start tehseen sagar (Jun 19)
- <Possible follow-ups>
- Re: A new Start kartsios_list (Jun 21)