WebApp Sec mailing list archives
Re: Pentesting of Thick client and client-server applications
From: Security Auditor <auditor.sec () gmail com>
Date: Tue, 7 Jun 2011 15:15:13 +0200
I would recommend use of application testing tools like Acunetix, AppScan, Netsparker, Nexpose etc. to name a few, and then proceed further with manual testing and validating the findings. Fuzzing is important, but then it depends on what is the base of your application. Source code review is another option which you can explore.

On Tue, Jun 7, 2011 at 5:53 AM, Balaji Vasanth <balaji_vasanth14 () yahoo com> wrote:
Hi,

Are there any specific set of methodologies/approaches, tools for the vulnerability testing of client-server applications and standalone apps developed in different languages? I could just think of using some TCP proxies (Echo Mirage, TCP Catcher etc.) to intercept the client-server traffic and go ahead, debuggers like OllyDbg, WinDbg, GNU to understand the calls at client-side, and some disassemblers & fuzzers (not sure on which to choose). For some thick clients communicating on port 80/443 with the server, I am using the Fiddler plugin "Watcher". Is that good enough...?

Thanks in advance

Regards
M. Balaji Swaminathan

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
--
Cheers,
Audi