Security Basics mailing list archives

Re: Basic security tests for web management application

From: "Adam Pal" <pal_adam () gmx net>
Date: Thu, 17 Apr 2008 17:23:57 +0200

Hi Ishay

Maybe trying something like 
-provide wrong parameters
-guess the login mechanism and crash it
-inject the login mask
-if parameters provided with GET attack the URL
-modify the login reply (for instance using paros)
-run a dictionary attack against the login


cheers

Adam

-------- Original-Nachricht --------

Datum: Thu, 17 Apr 2008 11:58:30 +0300
Von: Ishay <ishaybs () gmail com>
An: security-basics () securityfocus com
Betreff: Basic security tests for web management application

Hello list,

Our product’s management is done via WEB application.
The first page of the WEB application is a login page.

I am wondering what basic security tests (pen tests?) I need to do and 
what tools should I use.

I will appreciate your help with it.

Thanks,
Ishay


-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

Current thread:

Basic security tests for web management application Ishay (Apr 17)
- Re: Basic security tests for web management application Adam Pal (Apr 17)
- Re: Basic security tests for web management application Gleb Paharenko (Apr 18)
  - RE: Basic security tests for web management application Sergio Castro (Apr 18)
- <Possible follow-ups>
- Re: Re: Basic security tests for web management application jason . gerfen (Apr 18)