Security Basics mailing list archives

RE: Basic security tests for web management application
From: "Sergio Castro" <sergio.castro () unicin net>
Date: Fri, 18 Apr 2008 10:37:50 -0500

Hi,

You may want to try http://www.goolag.org/ too

- Sergio 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
behalf of Gleb Paharenko
Sent: Friday, April 18, 2008 03:37 a.m.
To: Ishay
CC: security-basics () securityfocus com
Subject: Re: Basic security tests for web management application

Hi.

IMHO you should check these things, which are suitable for most
applications:
 - if the web server itself has vulnerabilities; the quickest way is to scan
it with nikto and nessus
 - check if it is possible to perform actions without authorization; the quickest
way is to record admin actions with Paros and replay them with the session id of
an ordinary user, or just without a session id.
 - check CSRF in a similar way
 - check the inputs for SQL injection (" and '), XSS (",',<,>)

2008/4/17, Ishay <ishaybs () gmail com>:
Hello list,

 Our product's management is done via WEB application.
 The first page of the WEB application is a login page.

 I am wondering what basic security tests (pen tests?) I need to do 
and what tools should I use.

 I will appreciate your help with it.

 Thanks,
 Ishay




--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
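
Added example (not part of the original thread): the replay check from the second bullet of the reply above, written as a regression test against a constructed in-process toy application. The handler names, session ids and the /admin/delete_user path are hypothetical.

```python
# Constructed toy application: a session store and two versions of an admin handler.
SESSIONS = {"sid-admin": "admin", "sid-user": "user"}  # constructed session id -> role

def handle_weak(request):
    """Only checks that some valid session exists (the flaw being tested for)."""
    if request["path"] != "/admin/delete_user":
        return 404
    if request["cookies"].get("SESSIONID") in SESSIONS:
        return 200
    return 401

def handle_fixed(request):
    """Checks authentication first, then the role bound to the session."""
    if request["path"] != "/admin/delete_user":
        return 404
    role = SESSIONS.get(request["cookies"].get("SESSIONID"))
    if role is None:
        return 401  # no session, or a session id the server never issued
    if role != "admin":
        return 403  # authenticated but not authorized for this action
    return 200

# A request "recorded" while logged in as admin (constructed sample).
RECORDED = {"method": "POST", "path": "/admin/delete_user",
            "cookies": {"SESSIONID": "sid-admin"}, "body": "id=42"}

def replay(handler, recorded, session_id):
    """Replay the recorded request with a different session id, or with none."""
    req = dict(recorded, cookies=dict(recorded["cookies"]))
    if session_id is None:
        req["cookies"].pop("SESSIONID", None)
    else:
        req["cookies"]["SESSIONID"] = session_id
    return handler(req)

def authz_findings(handler, recorded=RECORDED):
    """Return the names of the replays that the handler wrongly accepted."""
    cases = {"ordinary user": "sid-user", "no session": None,
             "unknown session": "sid-bogus"}
    # Baseline: the recorded admin request itself must still succeed.
    assert replay(handler, recorded, "sid-admin") == 200
    return [name for name, sid in cases.items()
            if replay(handler, recorded, sid) == 200]

if __name__ == "__main__":
    print("weak :", authz_findings(handle_weak))
    print("fixed:", authz_findings(handle_fixed))
```
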

