Network Security Web-App-Sec

Re: Web Site Certification

Subject: Re: Web Site Certification
Date: Thu, 27 Apr 2006 09:43:42 -0400
Don't waste your time or money. Check out some of the shopping sites that are "Hacker Safe" and you'll easily identify authorization flaws which are easily taken advantage of, such as storing the price of an item in a hidden form field.

I'm guessing that they just scan the system with some automated tools like nikto to look for any obvious issues. But the code itself may still be insecure.

-dhs

Dean H. Saxe, CEH
dean@fullfrontalnerdity.com
"To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public."
-- Theodore Roosevelt


Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd


On Apr 27, 2006, at 5:16 AM, Marco Passarella wrote:

Hi all,
what do you think about the remote services that promise your site to
be "hacker free"?
Can you really monitor remotely the security of a site using a scanner?
Here is an example:
http://www.scanalert.com/


Thanks,
Mark
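
The hidden-form-field price flaw mentioned in the reply above, shown beside a server-side fix. This is an added example, not code from the thread or from any site or scanner it discusses; the catalog, field names, quantity limit and function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog standing in for the shop's product database.
CATALOG = {"sku-1001": Decimal("49.99"), "sku-2002": Decimal("199.00")}
MAX_QTY = 100  # assumed business limit


class OrderRejected(ValueError):
    """Raised when the submitted order fails server-side validation."""


def total_trusting_form(form):
    """Flawed pattern: the price is read back from the browser's hidden field."""
    return Decimal(form["price"]) * int(form["qty"])


def total_from_catalog(form, audit_log):
    """Hardened pattern: only SKU and quantity come from the client."""
    sku = form.get("sku", "")
    if sku not in CATALOG:
        raise OrderRejected("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise OrderRejected("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise OrderRejected("quantity out of range")

    price = CATALOG[sku]  # authoritative value, never the submitted one

    # A legacy template may still post a price field. It is ignored for
    # billing, but a mismatch is recorded so tampering shows up in review.
    submitted = form.get("price")
    if submitted is not None:
        try:
            mismatch = Decimal(submitted) != price
        except InvalidOperation:
            mismatch = True
        if mismatch:
            audit_log.append({"sku": sku, "submitted": submitted,
                              "expected": str(price)})
    return price * qty
```

A scanner that only probes for known server misconfigurations sees both handlers return a normal response; the difference is visible only when the submitted price is compared with the catalog.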

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. Change the way you think about application security testing - See for yourself. Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
