|
Penetration Testing
mailing list archives
Re: Testing Middleware Application
From: Mervyn <barcajax () gmail com>
Date: Wed, 8 Jul 2009 01:40:12 +0800
You already mentioned the obvious! XML over HTTP. Opportunity to sniff
and manipulate the traffic.
On Tue, Jul 7, 2009 at 12:17 PM, Anant Iyer<iyer.anant.r () gmail com> wrote:
Hello,
We have a middleware application to be pen-tested for security
bugs.The application serves requests from various front-end systems
(XML over HTTP) and depending on these requests, retrieves the data
from various back-end repositories.
The development team has built a front-end just for testing
(functional) this application in the UAT environment. In such a
scenario, I need some pointers on how should I perform the pentest of
this middleware application.
Regards,
Anant Iyer
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
