Re: Pen testing techniques
- From: "Nathan Sportsman" <nsportsman@xxxxxxxxx>
- Date: Fri, 11 Apr 2008 14:22:08 -0500
To add to this, it is important to remember the capabilities of the tool. Many other tools exist that perform these basic tests too, but they are often not even sophisticated enough to identify and bypass client side validation.

Nathan Sportsman
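An added example (not code from the original thread) of the point above: checks a browser enforces in a form can be skipped by anything that speaks HTTP directly, so the server must re-apply the same constraints. The form fields, constraints and sample submissions below are constructed for illustration.

```python
import re

# Constraints the (constructed) HTML form enforces in the browser:
#   <input name="username" pattern="[a-z0-9_]{3,16}" required>
#   <input name="quantity" type="number" min="1" max="99" required>
# A well-behaved browser never submits values outside these bounds, but a
# proxy, a script or a scanner can, so the server has to check them again.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,16}$")
QTY_MIN, QTY_MAX = 1, 99


def parse_order_trusting_client(form):
    """Handler that assumes the browser already validated the fields.
    It records whatever arrives and never rejects a submission."""
    return {"username": form.get("username", ""),
            "quantity": int(form.get("quantity", "0"))}


def parse_order(form):
    """Hardened handler: re-applies the form's own constraints server-side.
    Returns (order, errors); order is None when any field fails."""
    errors = []
    username = form.get("username", "")
    if not USERNAME_RE.match(username):
        errors.append("username: must match [a-z0-9_]{3,16}")
    qty_raw = form.get("quantity", "")
    if not qty_raw.isdigit() or not QTY_MIN <= int(qty_raw) <= QTY_MAX:
        errors.append(f"quantity: must be an integer in {QTY_MIN}..{QTY_MAX}")
    if errors:
        return None, errors
    return {"username": username, "quantity": int(qty_raw)}, []


# Constructed sample submissions: the first is what a browser sends once its
# own checks pass; the second can only arrive by bypassing those checks.
BROWSER_SUBMISSION = {"username": "alice_01", "quantity": "3"}
BYPASS_SUBMISSION = {"username": "<b>alice</b>", "quantity": "-5"}

if __name__ == "__main__":
    print("trusting handler :", parse_order_trusting_client(BYPASS_SUBMISSION))
    print("hardened handler :", parse_order(BYPASS_SUBMISSION))
```

A test harness that only drives the real form never produces the second submission, which is why a tool that cannot step around client-side checks leaves this gap unreported.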
On Thu, Apr 10, 2008 at 3:18 PM, v3nd3rs5uck <ntpeck@xxxxxxxxx> wrote:
Even paros proxy can do the basics of XSS and injection testing and it's my favorite price :)

Dude, tools are only part of the battle, I agree with Atif
--- On Wed, 4/9/08, Jason <securitux@xxxxxxxxx> wrote:
From: Jason <securitux@xxxxxxxxx>
Subject: Re: Pen testing techniques
To: "Atif Azim" <azim.atif@xxxxxxxxx>
Cc: pen-test@xxxxxxxxxxxxxxxxx
Date: Wednesday, April 9, 2008, 2:11 PM
Oh boy... let me intercept this before some others do, lol.

You cannot rely on Core or any one tool for a pen test AT ALL. It's a great tool but there is SO much more to pen testing than relying on one single tool, in fact that is the cardinal sin. You need to follow a methodology and use an array of tools and manual techniques to make sure the test is thorough. When I do a web app pen test, the tools never find some of the nastiness that I do manually. Never. Web apps are a curious breed because they are usually custom coded in some way so every single one is different, making standard tools less useful.

I am not surprised by your Core Impact results, it is a great tool but they are new to the web app game, and it hasn't been thoroughly developed yet. No fault of theirs, it just hasn't matured the way others have. For web apps I prefer a web app vulnerability scanner like Cenzic Hailstorm for the automated dumb stuff like XFS / XSS and basic authentication bypass. You definitely need to do manual checks, regardless of what the tools find. Try some injections and authentication bypass techniques, and, well, everything else too.

Might want to do a search for the OWASP guide, they have great info on web app testing.

Besides all this, have you used anything like nmap to find open ports and verify your results? Perhaps Core missed something. Is a stealth approach required to emulate a malicious hacker and therefore your checks need to be quiet and evade detection?

I highly recommend if you are new to this to take a course or at least get some good books. A person really can't jump into pen testing like they can jump into product deployment / administration.

Might want to search this list as well, you will find some helpful information I am sure.

Good luck.

-J
On Wed, Apr 9, 2008 at 3:48 PM, Atif Azim <azim.atif@xxxxxxxxx> wrote:

Hello,

I am new to pen testing and am currently involved in doing an external pen test for one of our clients. We are doing it through Core Impact. Reconnaissance showed only port 80 as open and the web server running IIS 6.0. Core Impact did not find any vulnerabilities in the server and hence was unable to penetrate. The web application was also tested for SQL Injection and PHP remote file inclusion and did not find any vulnerabilities there either.

My question is what else can we do besides relying on Core Impact for this pen test. And what impression can a client get if we say to them that there are no vulnerabilities in your network or web app. It's difficult to digest something like that for a security specialist that everything's alright.

Looking forward to some great views. Thanks.

Regards,
Atif Azim
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------