Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Web Application Security Testing Procedures

from [Adam Tuliper] Network Security [Permanent Link]
Subject: Re: Web Application Security Testing Procedures
Date: Thu, 30 Dec 2004 12:00:10 -0500 
From a high level to start:


-Cross site scripting
-Data input validation attacks (overflows, sql injection,
etc)
-Check and validate all form/querystring/cookie values as
well as making sure your data is cleaned up and invalid
characters/strings removed.

-Banner/Error message revealing - Can information be
retrieved that helps an attacker attack your application
better.

-Denial of service possibilities stemming from any of the
above as well as DOS from repeated requests that take a
while to process (if any exist in the app). 

..
..
..


On Tue, 28 Dec 2004 12:05:49 -0500
 Lecia McCalla <lmccalla@fsl.org.jm> wrote:

Hi All,
I am currently researching Web application security with
the ultimate goal
of preparing a Web Applications Security Testing
Procedures Document.
However, since I'm a novice in the field, I'm requesting
some assistance
from the group.

Please provide suggestions and/ or guidelines as to what
should be
considered when testing security for web applications.


Regards,
Lecia McCalla
Business Analyst - Quality Management
Fiscal Services Limited
Mailto:lmccalla@fsl.org.jm
Tel: (876)927-1125-8 Extn 3815
Fax: (876)927-1810



---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Web Application Security Testing Procedures, Jeff Fedor
Next by Date:  Re: Web Application Security Testing Procedures, Saqib Ali
Previous by Thread:  Re: Web Application Security Testing Procedures, Hernán M. Racciatti
Next by Thread:  Re: Web Application Security Testing Procedures, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]