Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: webapp dependencies

from [Ryan C. Barnett] Network Security [Permanent Link]
Subject: RE: webapp dependencies
Date: Wed, 20 Apr 2005 05:59:16 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You could use something like SNARE
(http://www.intersectalliance.com/ and have it log all file
opens/reads for the web server account user.

I have run this previously to help identify files needed for
chrooting.

Ryan C. Barnett
Web Application Security Consortium (WASC) Member
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GCUX, GSEC

On Tue, 19 Apr 2005 23:13:03 -0700 Matt Fisher
<mfisher@spidynamics.com> wrote:

That's not a bad idea.  Capturing at a lower level would indeed
give
more details.  I don't think I've ever used strace.  Would the
output be
relatively clean ? Ie, not too much work to filter the wheat from
the
chaffe ?




-----Original Message-----
From: Amit Klein (AKsecurity) [mailto:aksecurity@hotpop.com]
Sent: Wednesday, April 20, 2005 2:27 AM
To: Ory Segal; Jarmon, Don R; webappsec@securityfocus.com; Matt

Fisher

Cc: wasc-technical@webappsec.org
Subject: RE: webapp dependencies

On 19 Apr 2005 at 23:21, Matt Fisher wrote:



  I'd really be interested in hearing about it if anyone

finds a good

tool / technique but at this point I really don't see how

it could be

sufficiently performed from any client sided product such

as crawlers,

scanners, accessibility testers etc.



I'd take quite a different approach. At runtim, attach to the
web process at a low level (kernel?), e.g. strace, and log
access to files. Then use a crawler to enumerate (to the
extent possible) all flows through the app. This should give
you the list of files accessed by the web server process
(there are many detailed to be ironed out, such as server
caching, spawning new proceses, etc. but I believe it's doable).

In the above example, once you make a hit on the page.asp,
strace would first show the web process to read page.asp, and
immediately thereafter page1.html.

-Amit


-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkJmUiQACgkQ0C5r6NXO9mLlqwCdEvgMcY2J7jaWyQmbUeQ+e9LcHFwA
niXHdvCA2mxZiyDcp1ByUMrWW+di
=yQxz
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: webapp dependencies, Matt Fisher
Next by Date:  Re: suggesting passwds to users, Kelly John Rose
Previous by Thread:  RE: webapp dependencies, Matt Fisher
Next by Thread:  RE: webapp dependencies, Scovetta, Michael V
Indexes:  [Date] [Thread] [Top] [All Lists]