Re: auditing web/mail proxies



Hello All,

Maybe this can help you: (in spanish, but easy to understand)
http://www.securitybydefault.com/2011/12/analisis-de-seguridad-de-un-proxy-web.html

Google translate:
http://translate.google.com/translate?sl=es&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.securitybydefault.com%2F2011%2F12%2Fanalisis-de-seguridad-de-un-proxy-web.html

Regards,



On Sun, Dec 11, 2011 at 01:54, Brian Quick <brian.e.quick1@xxxxxxxxx> wrote:
Here is a great checklist to begin with a general list.
http://mdsec.net/wahh/tasks.html

BEQ

On Mon, Dec 5, 2011 at 3:21 AM, cribbar <crib.bar@xxxxxxxxxxxxx> wrote:

Hey all,

Has anyone ever audited a proxy during a pen test/IT audit or as an audit on
itself? If so do you have a scope of what kind of checks you reviewed, or a
checklist? The proxy software in question is web sense which addresses both
email filtering and web filtering. Or any tools that can automate the
process most welcome. Look forward to your responses – I couldn’t find to
many resources on proxy auditing.

Kind Regards
Cb
--
View this message in context: http://old.nabble.com/auditing-web-mail-proxies-tp32916010p32916010.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




--
Alejandro Ramos
http://twitter.com/aramosf

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • RE: Which Commercial Web App Scanner?
    ... so assuming that leaves WebInspect and Acunetix ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Cell Phone Viruses
    ... manufacture's website will usually result in a free dev kit download. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • Re: Pentesting lab
    ... One subject is pen-testing and second subject is malware analysis. ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Pentesting lab
    ... One subject is pen-testing and second subject is malware analysis. ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: auditing web/mail proxies
    ... Has anyone ever audited a proxy during a pen test/IT audit or as an audit on ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)