Penetration Testing mailing list archives

Re: Testing Middleware Application


From: Mervyn <barcajax () gmail com>
Date: Wed, 8 Jul 2009 01:40:12 +0800

You already mentioned the obvious! XML over HTTP. Opportunity to sniff
and manipulate the traffic.

On Tue, Jul 7, 2009 at 12:17 PM, Anant Iyer<iyer.anant.r () gmail com> wrote:
Hello,

We have a middleware application to be pen-tested for security
bugs. The application serves requests from various front-end systems
(XML over HTTP) and depending on these requests, retrieves the data
from various back-end repositories.
The development team has built a front-end just for testing
(functional) this application in the UAT environment. In such a
scenario, I need some pointers on how I should perform the pentest of
this middleware application.

Regards,

Anant Iyer

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


