Network Security: Detailed info on Re: Re: Basic security tests for web management application

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Re: Basic security tests for web management application

from [jason . gerfen] Network Security

[Permanent Link]

Subject:	Re: Re: Basic security tests for web management application
Date:	18 Apr 2008 13:03:52 -0000

Well you would probably want to validate any and all of the following outside 
input variables:

Anything dealing with the URI
Any forms dealing with POST/GET/REQUEST processing methods

Some simple manual tests can be done with the following examples:

Say you are wanting to check a URI for cross site scripting: 
http://www.example.com/?<script>alert('hi')</script> or 
http://www.example.com/?<script>document.write(document.cookie))</script>

Now say your application deals with authentication through a standard web form 
with an SQL database storing your user credentials:
1' UNION SELECT * FROM user; <-use that in a field 

I gave you two very simple examples which if coded correctly your application 
should reject. For more information regarding the following attack vectors do a 
google search for XSS/SQL Injection attacks.

HTH, Jas

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Basic security tests for web management application, Ishay Re: Basic security tests for web management application, Adam Pal Re: Basic security tests for web management application, Gleb Paharenko RE: Basic security tests for web management application, Sergio Castro Re: Re: Basic security tests for web management application, jason . gerfen <=

Previous by Date:	Re: Basic security tests for web management application, Gleb Paharenko
Next by Date:	RE: Basic security tests for web management application, Sergio Castro
Previous by Thread:	RE: Basic security tests for web management application, Sergio Castro
Next by Thread:	Security Trend Analysis, phion wong
Indexes:	[Date] [Thread] [Top] [All Lists]