Re: Application Assessment

From: Glyn Geoghegan (glyng_at_corsaire.com)
Date: 08/11/05

    Date: Thu, 11 Aug 2005 11:47:58 +1000
    To: goenw <goenw.mailinglist@gmail.com>
    
    

    On 8 Aug 2005, at 12:53, goenw wrote:

    > Hi,
    >
    > anybody have experience with application assessment? I am a
    > network guy, don't know much about the apps PT.
    > 1. are there any tools that allow me to do the assessment thoroughly?

    If you're talking web-applications, check out www.owasp.org for a
    wealth of information on the subject. You may also want to take a
    look at the webappsec mailing list at www.securityfocus.com.

    Typically, the kind of tools you'll need are the personal-proxy
    category, allowing you to intercept and modify communications between
    the client and server - see Paros Proxy, Odysseus and Burp Proxy, for
    example.

    There are fully automated tools, but in my personal experience the
    manual approach has worked more effectively.

    Fat client/binary assessment is a slightly different (and arguably
    more complex) beast, and probably off-topic for this list.

    > 2. should I have an external party conduct this, what are the things I
    > should expect from them (success criteria)?
    > any comments are appreciated.

    That depends on how confident you are with your abilities, the
    drivers for the assessment and a wealth of factors. Normally, some
    coding or development background is essential to identify and
    understand potential vulnerabilities.

    Check out www.application-testing.com for our guide on the world of
    Application Security Assessments.

    -- 
    -------------------------------------------------------
    G l y n   G e o g h e g a n                   BSc, ARCS
    Principal Consultant                       Corsaire Ltd
    3 Tannery House, Tannery Lane
    Send, Surrey, GU23 7EF, UK      UK: +44 (0)1483 226 000
    http://www.corsaire.com        Fax: +44 (0)1483 226 001
    -------------------------------------------------------