Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: testing email based e-commerce system with .xdp extension - looking

from [Krugger] Network Security [Permanent Link]
Subject: Re: testing email based e-commerce system with .xdp extension - looking for input
Date: Mon, 11 Dec 2006 18:18:03 +0000 
So what you mean is that they use SSL to encrypt the connection,
pretty standard.
They didn't show up because SSL usually starts using port 445, and you
http proxy probably only listens to port 80. Even if it would actually
be aware of port 445 it wouldn't be useful, as it is encrypted. You
can intercept the encrypted connection with ettercap for example.
Link: http://www.irongeek.com/i.php?page=security/ettercapfilter

xpd = XML pipeline document
Link: http://razor.occams.info/code/xpd/

As you seem quite imprecise, is it really a webservice or does it only
look like one?
Link: http://www.w3.org/TR/wsdl

Check for compliance with PCI 1.1.
Link: https://www.pcisecuritystandards.org

So you been hired to verify the security of the e-commerce site?
I am always amazed :)

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  WASC Articles Project - Call for Participants, robert
Next by Date:  Re: Pen-testing - pricing model, Christine Kronberg
Previous by Thread:  testing email based e-commerce system with .xdp extension - looking for input, spammailme
Next by Thread:  Re: testing email based e-commerce system with .xdp extension - looking for input, Bojan Zdrnja
Indexes:  [Date] [Thread] [Top] [All Lists]