reg protocol based pen-testing
From: Mayank-Bhatnagar (mayank_at_ncb.ernet.in)
Date: 10/09/03
- Previous message: Anish: "Re: Re: Wireless Pent-Test"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Oct 2003 17:16:23 +0530 (IST) To: <pen-test@securityfocus.com>
hi folks,
well, with the current discussion going on with penetration testig
webservers...I would like to add my own issues......
There are "prtocol scrubbers"(some jargon for these tools) exisiting which
analyse session/packet details for that particular protocol.say for
example its HTTP protocol, then a HTTP protocol scrubber would check
whether the packets, messages are comlying with HTTP ie well formed or
not.....these techniques are mainly applied in many IDS systems......
1) I wanted to know how does these type of tools work....what methodology
they apply....on what basis they check HTTP traffic......some examples
would definitely be helpful......
2) Whether the working of such tools really help building pen testing
tools for webservers.....
thanks
Mayank
---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------
- Previous message: Anish: "Re: Re: Wireless Pent-Test"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
