Network Security: Detailed info on Re: webapp dependencies

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: webapp dependencies

from [Scovetta Labs] Network Security

[Permanent Link]

Subject:	Re: webapp dependencies
Date:	Thu, 14 Apr 2005 00:07:58 -0400

Don, I'm sure something exists (or could be written easily in Perl) to scan all content for local href links and find unreferenced content. However, you might miss something, all you need is a script that says: <script> var x = prompt('enter a resource name'); window.location.href='http://server/' + x; </script>

...and then the client has control over what resources to access. (Not to mention the countless other ways that resources wouldn't be known until runtime).

The other way to do it would be to go through your web server access logs and determine all of the files that don't appear in it. You'd probably want to go back quite a while.

Hope that helps--

-Mike

Jarmon, Don R wrote:

I looking for a tool that will analysis content hosted on a web site,
identify all the webapp dependencies, and report on any non-essential
content.  The tool would run from the server.  Does such a tool exist?

--
Michael Scovetta
Scovetta Labs
www.scovettalabs.com

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
webapp dependencies, Jarmon, Don R Re: webapp dependencies, Scovetta Labs <= Re: webapp dependencies, victor calzado RE: webapp dependencies, Ory Segal Re: webapp dependencies, moty yacov RE: webapp dependencies, Matt Fisher RE: webapp dependencies, Amit Klein (AKsecurity) RE: webapp dependencies, Ory Segal RE: webapp dependencies, Amit Klein (AKsecurity) RE: webapp dependencies, Matt Fisher RE: webapp dependencies, Ryan C. Barnett RE: webapp dependencies, Scovetta, Michael V

Previous by Date:	RE: User ID generation, Thomas Ng
Next by Date:	Re: User ID generation, Scovetta Labs
Previous by Thread:	webapp dependencies, Jarmon, Don R
Next by Thread:	Re: webapp dependencies, victor calzado
Indexes:	[Date] [Thread] [Top] [All Lists]