WebApp Sec mailing list archives

Re: Web Application Security Testing Procedures
From: "Adam Tuliper" <amt () gecko-software com>
Date: Thu, 30 Dec 2004 12:00:10 -0500

From a high level to start:

-Cross site scripting
-Data input validation attacks (overflows, SQL injection, etc)
-Check and validate all form/querystring/cookie values as well as making sure your data is cleaned up and invalid characters/strings removed.

-Banner/Error message revealing - Can information be retrieved that helps an attacker attack your application better?

-Denial of service possibilities stemming from any of the above as well as DOS from repeated requests that take a while to process (if any exist in the app).

..
..
..


On Tue, 28 Dec 2004 12:05:49 -0500 Lecia McCalla <lmccalla () fsl org jm> wrote:
Hi All,
I am currently researching Web application security with the ultimate goal of preparing a Web Applications Security Testing Procedures Document. However, since I'm a novice in the field, I'm requesting some assistance from the group.

Please provide suggestions and/or guidelines as to what should be considered when testing security for web applications.


Regards,
Lecia McCalla
Business Analyst - Quality Management
Fiscal Services Limited
Mailto:lmccalla () fsl org jm
Tel: (876)927-1125-8 Extn 3815
Fax: (876)927-1810

