Network Security: Detailed info on RE: webapp dependencies

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

RE: webapp dependencies

from [Amit Klein (AKsecurity)] Network Security

[Permanent Link]

Subject:	RE: webapp dependencies
Date:	Wed, 20 Apr 2005 08:26:49 +0200

On 19 Apr 2005 at 23:21, Matt Fisher wrote:


  I'd really be interested in hearing about it if anyone finds a good
tool / technique but at this point I really don't see how it could be
sufficiently performed from any client sided product such as crawlers,
scanners, accessibility testers etc.


I'd take quite a different approach. At runtim, attach to the web 
process at a low level (kernel?), e.g. strace, and log access to 
files. Then use a crawler to enumerate (to the extent possible) all 
flows through the app. This should give you the list of files 
accessed by the web server process (there are many detailed to be 
ironed out, such as server caching, spawning new proceses, etc. but I 
believe it's doable).

In the above example, once you make a hit on the page.asp, strace 
would first show the web process to read page.asp, and immediately 
thereafter page1.html.

-Amit

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
webapp dependencies, Jarmon, Don R Re: webapp dependencies, Scovetta Labs Re: webapp dependencies, victor calzado RE: webapp dependencies, Ory Segal Re: webapp dependencies, moty yacov RE: webapp dependencies, Matt Fisher RE: webapp dependencies, Amit Klein (AKsecurity) <= RE: webapp dependencies, Ory Segal RE: webapp dependencies, Amit Klein (AKsecurity) RE: webapp dependencies, Matt Fisher RE: webapp dependencies, Ryan C. Barnett RE: webapp dependencies, Scovetta, Michael V Re: webapp dependencies, Bill Pennington

Previous by Date:	Re: suggesting passwds to users, Saqib Ali
Next by Date:	Re: suggesting passwds to users, Saqib Ali
Previous by Thread:	RE: webapp dependencies, Matt Fisher
Next by Thread:	RE: webapp dependencies, Ory Segal
Indexes:	[Date] [Thread] [Top] [All Lists]