Hi
> >They're using Hibernate, so I'm discarding SQL injection vulnerabilities.
You can check for these in the Hibernate layer because these can
cause SQL injections :
1)Are Native SQL queries contain directly user entered data.
2)Are Dynamic queries generated by Hibernate for hitting the DB are
not bounded to DB parameters.
>Because they developed a client of their own instead of using a Web browser
You cant trust a Home grown Client is it Flash or applet check how
client reacts when you change the versions (Flash9 to 8 or JRE 1.4 to
1.5 etc ).
How is the signing of applet taking place if the client is Java based
if what is the error thrown when cert is self signed etc .
My .2 cents of pentesting
AK
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on Oct 04 2007
Intro
