Re: Reverse proxy pen testing

[Marco Ivaldi <raptor () mediaservice net>]

On Wed, 18 Feb 2009, Gopinath U wrote:

> Dear All,
>
> I am in need of procedure/tests that need to be carried out/considered
> during a Penetration testing of Reverse Proxy Server. I had googled a
> lot and found out very few tests. But still I feel that i've missed
> out a lot. Could someone please provide me with links/docs or
> procedures to carry out the same.

The following resources may be of interest:

http://www.owasp.org/index.php/Testing_for_infrastructure_configuration_management_(OWASP-CM-003)
http://www.isecom.org/mirror/OSSTMM_3.0_LITE.pdf
http://www.modsecurity.org/documentation/Web_Application_Firewalls_-_When_Are_They_Useful.pdf
http://www.metasploit.org/data/confs/blackhat2007/tactical_paper.pdf
http://palisade.plynt.com/issues/2005May/reverse-proxy/
http://www.ists.dartmouth.edu/docs/labtest.pdf

Also, these old threads may provide you with some additional ideas:

http://seclists.org/pen-test/2007/Jan/0042.html
http://seclists.org/pen-test/2007/Jan/0044.html
http://seclists.org/pen-test/2007/Jan/0076.html
http://seclists.org/pen-test/2007/Jan/0091.html
http://seclists.org/pen-test/2005/Mar/0118.html
http://seclists.org/pen-test/2005/Mar/0119.html
http://seclists.org/pen-test/2004/Dec/0000.html
http://seclists.org/pen-test/2002/Jun/0110.html
http://seclists.org/pen-test/2002/Jun/0116.html

> Thanks in Advance.

Hope this helps,

--
Marco Ivaldi, OPST
Lead Security Analyst     Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/