Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: webapp dependencies

from [Bill Pennington] Network Security [Permanent Link]
Subject: Re: webapp dependencies
Date: Wed, 20 Apr 2005 14:00:33 -0700
Just to jump in here, spidering isn't going to do it either. I have been finding more an more functionality the is only exposed via other "interfaces" like e-mail. A good example is registering on a site or ordering a product that generates a link sent to the user via email. These links can't be spidered with a crawler.

Still the strace method with spidering is pretty good.


On Apr 20, 2005, at 12:36 PM, Scovetta, Michael V wrote:

I agree, this is a cool idea-- just one caveat-- you can't guarantee
that your get 100% coverage (What if you have an admin section, and
someone only goes there once a year?) You could probably combine this
approach with a web-spidering application, and then manually go through
and see about special pages, or password protected sections.

Michael Scovetta
Computer Associates
Senior Application Developer


-----Original Message-----
From: Matt Fisher [mailto:mfisher@spidynamics.com]
Sent: Wednesday, April 20, 2005 2:13 AM
To: Amit Klein (AKsecurity); Ory Segal; Jarmon, Don R;
webappsec@securityfocus.com
Cc: wasc-technical@webappsec.org
Subject: RE: webapp dependencies

That's not a bad idea. Capturing at a lower level would indeed give
more details. I don't think I've ever used strace. Would the output be
relatively clean ? Ie, not too much work to filter the wheat from the
chaffe ?



-----Original Message-----
From: Amit Klein (AKsecurity) [mailto:aksecurity@hotpop.com]
Sent: Wednesday, April 20, 2005 2:27 AM
To: Ory Segal; Jarmon, Don R; webappsec@securityfocus.com; Matt Fisher
Cc: wasc-technical@webappsec.org
Subject: RE: webapp dependencies

On 19 Apr 2005 at 23:21, Matt Fisher wrote:


I'd really be interested in hearing about it if anyone
finds a good
tool / technique but at this point I really don't see how
it could be
sufficiently performed from any client sided product such
as crawlers, 
scanners, accessibility testers etc.


I'd take quite a different approach. At runtim, attach to the
web process at a low level (kernel?), e.g. strace, and log
access to files. Then use a crawler to enumerate (to the
extent possible) all flows through the app. This should give
you the list of files accessed by the web server process
(there are many detailed to be ironed out, such as server
caching, spawning new proceses, etc. but I believe it's doable).

In the above example, once you make a hit on the page.asp,
strace would first show the web process to read page.asp, and
immediately thereafter page1.html.

-Amit






---
Bill Pennington, CISSP, CCNA
VP Services
WhiteHat Security Inc.
http://www.whitehatsec.com

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: suggesting passwds to users, SecurityFocus
Next by Date:  Java keystore password storage, john bart
Previous by Thread:  RE: webapp dependencies, Scovetta, Michael V
Next by Thread:  suggesting passwds to users, James Barkley
Indexes:  [Date] [Thread] [Top] [All Lists]