Penetration Testing mailing list archives
Re: OWASP Top 10 penetration testing software?
From: Zaki Akhmad <zakiakhmad () gmail com>
Date: Mon, 5 Mar 2012 18:00:22 +0700
On Wed, Feb 29, 2012 at 3:44 AM, psiinon <psiinon () gmail com> wrote:
Hi, You should be careful with scanners that claim to test "the OWASP Top Ten". For example, "Insecure Cryptographic Storage" is one of the OWASP Top Ten but this is typically only detectable server side, so no web app scanner will find it :)
So Simon, a penetration test won't cover all of them? The simplest test case for this insecure cryptographic storage is by requesting a forgotten password. If the web application sends your password in clear text, then you've found the issue.

--
Zaki Akhmad
OWASP Indonesia
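Added example, not code from this thread or from any OWASP project: it puts the server-side storage that makes the "e-mail me my password" symptom possible next to a hashed store with a token-based reset, plus the black-box check Zaki describes (does the recovery mail contain the password?). The in-memory user store, the mail function that just returns the message body, and the `example.invalid` reset URL are assumptions of mine.

```python
"""
Contrast between a user store that can mail the password back (because it
still holds it) and one that cannot (salted PBKDF2 hash + single-use,
time-limited reset token). Everything here is a constructed stand-in for a
real database and mailer.
"""
import hashlib
import hmac
import os
import secrets
import time


class PlaintextUserStore:
    """Insecure: keeps the password itself, so any backup, log or DB leak exposes it."""

    def __init__(self):
        self.users = {}

    def register(self, username, password):
        self.users[username] = {"password": password}

    def forgot_password(self, username):
        # The tell-tale symptom: this is only possible because the server still
        # has the cleartext (or reversibly encrypted) password.
        return f"Your password is: {self.users[username]['password']}"


class HashedUserStore:
    """Hardened: one-way salted KDF for storage, reset by token instead of disclosure."""

    ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for the example)

    def __init__(self, token_ttl=900):
        self.users = {}
        self.reset_tokens = {}  # sha256(token) -> (username, expiry)
        self.token_ttl = token_ttl

    @classmethod
    def _hash(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": self._hash(password, salt)}

    def verify(self, username, password):
        rec = self.users.get(username)
        if rec is None:
            return False
        return hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"]))

    def forgot_password(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token, so a leaked table cannot be replayed.
        key = hashlib.sha256(token.encode()).digest()
        self.reset_tokens[key] = (username, now + self.token_ttl)
        return f"Reset your password here: https://example.invalid/reset?token={token}"

    def reset_password(self, token, new_password, now=None):
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).digest()
        entry = self.reset_tokens.pop(key, None)  # pop: single use
        if entry is None:
            return False
        username, expires = entry
        if now > expires:
            return False
        self.register(username, new_password)
        return True


def mail_reveals_password(message, password):
    """The black-box check from the thread: does the recovery mail contain the password?"""
    return password in message


if __name__ == "__main__":
    weak = PlaintextUserStore()
    weak.register("alice", "hunter2")
    print("plaintext store reveals password:", mail_reveals_password(weak.forgot_password("alice"), "hunter2"))
    strong = HashedUserStore()
    strong.register("alice", "hunter2")
    print("hashed store reveals password:", mail_reveals_password(strong.forgot_password("alice"), "hunter2"))
```

The `mail_reveals_password` check is exactly what a black-box tester can observe; the rest of the block is what only the server side can show, which is why the two parts of the thread are both right about where this issue is and is not detectable.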