Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Steps taken During a Web App Pentest
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Mon, 08 Jun 2009 11:53:29 -0400

I think the most important tool is the one between your ears :)

Seriously, the best web application bugs are found by using the web
application, understanding what it does (preferably browse to all
functionality through your favorite web app proxy like webscarab), then
coming up with scenarios that might break it.  Once you understand those
scenarios you can find/write tools to help execute your attack.

However, you may also want to use some automated tools that will find
some points to start your manual testing.  This is a different phase of
the test, but an important one.  I would use tools such as Nikto,
grendel-scan, web spider, w3af, etc.. for this type of testing.

Cheers,
Paul

infolookup at gmail.com wrote:
Thanks for the feed back so far anyone else wants to state what testing
framework or tools the are using preferably open source.

Once I am finish the initial testing my next steps will be to lock it
done, configure some sort of self sign cert for apache to use ssl
instead of the native http for starters.

Sent from my Verizon Wireless BlackBerry

------------------------------------------------------------------------
*From*: Johan Peder M?ller
*Date*: Mon, 8 Jun 2009 15:53:49 +0200
*To*: <infolookup at gmail.com>; PaulDotCom Security Weekly Mailing
List<pauldotcom at mail.pauldotcom.com>
*Subject*: Re: [Pauldotcom] Steps taken During a Web App Pentest

Hi

Given your "no buget" constraint, I'd go with something like OWASP Live
CD (http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project).

If you have a basic understanding of how web appls work, and how to
attack them this should give you a starting point. As for the
completeness of scannings I can't say. I myself is in the process of
evaluating.

rgds
Johan M?ller


On Sat, Jun 6, 2009 at 8:55 PM, <infolookup at gmail.com
<mailto:infolookup at gmail.com>> wrote:

    Hello All:

    I am task with doing a basic web app pentest of a server that we are
    about to given external users access too.

    Background:

    I work for a university no security department, no budget to hire a
    auditor.

    We are about to put one of our training servers on our DMZ this way
    Faculty and Staff members can access it from home for  Microsoft and
    other application video tutorials.


    Since my boss is aware that I am interested in infosec I was given
    the green light to test the app/server and report back anything that
    can aid in locking it down.

    Question:

    Since there are so much tools and ways to go about this I would like
    to know how do others go about a web app pentest, don't have to give
    away any trade secrets  :)-.

    I am just looking for an efficient way to go about this!


    Specs:

    OS: Windows 2003 running in a VMware, ESX 3.5.

    Application:  Training package, with a bundled windows version of a
    LAMP setup.

    Acess Method: http.

    Thanks in advance.
    Sent from my Verizon Wireless BlackBerry
    _______________________________________________
    Pauldotcom mailing list
    Pauldotcom at mail.pauldotcom.com <mailto:Pauldotcom at mail.pauldotcom.com>
    http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
    Main Web Site: http://pauldotcom.com



------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]