Penetration Testing mailing list archives
Re: java source code audit
From: AdityaK <aditya1010 () gmail com>
Date: Thu, 4 Oct 2007 22:14:06 +0530
Hi
> They're using Hibernate, so I'm discarding SQL injection vulnerabilities.
You can check for these in the Hibernate layer, because these can cause SQL injections:
1) Do native SQL queries directly contain user-entered data?
2) Are the dynamic queries generated by Hibernate for hitting the DB not bound to DB parameters?
> Because they developed a client of their own instead of using a Web browser
You can't trust a home-grown client, be it Flash or applet. Check how the client reacts when you change the versions (Flash 9 to 8 or JRE 1.4 to 1.5, etc.). How is the signing of the applet taking place if the client is Java based? What is the error thrown when the cert is self-signed, etc.?

My .2 cents of pentesting,
AK
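As an added illustration of the two Hibernate checks in the reply above (this is not code from the post or its author), a small Python audit helper that scans Java source for Hibernate query calls whose query text is built by concatenation or from a non-literal expression, and passes queries that are a single literal with bound named parameters. The method names createQuery/createSQLQuery/createNativeQuery and the embedded Java sample are assumptions constructed for the example.

```python
import re

# Hibernate session methods that build a query from a string. createQuery and
# createSQLQuery are Hibernate 3 names; createNativeQuery is the newer name
# (these identifiers are assumptions, not taken from the post).
QUERY_METHODS = ("createQuery", "createSQLQuery", "createNativeQuery")

# Constructed sample Java source, not from any real audit.
SAMPLE_JAVA = """\
public List find(Session s, String user) {
    // native SQL built by concatenating user data: injectable
    return s.createSQLQuery("select * from accounts where owner = '" + user + "'").list();
}
public List findSafe(Session s, String user) {
    // literal HQL with a bound named parameter: safe
    return s.createQuery("from Account a where a.owner = :owner")
            .setParameter("owner", user).list();
}
public List findBuilder(Session s, String user) {
    StringBuilder hql = new StringBuilder("from Account a where a.owner = '");
    hql.append(user).append("'");
    return s.createQuery(hql.toString()).list();
}
"""
CALL_RE = re.compile(r"\.(%s)\s*\(" % "|".join(QUERY_METHODS))
STRING_LITERAL_RE = re.compile(r'"(?:\\.|[^"\\])*"')


def extract_call_arg(src, start):
    """Return the argument text of a call whose '(' ends just before `start`."""
    depth, i = 1, start
    while i < len(src) and depth:
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
        i += 1
    return src[start:i - 1]


def find_unbound_queries(src):
    """Return (line, method, argument) for every query call whose text is not a
    single string literal (concatenation, a variable, a builder call): these need
    manual review. Literal-only concatenation ("a" + "b") is flagged too."""
    findings = []
    for m in CALL_RE.finditer(src):
        arg = extract_call_arg(src, m.end())
        line = src.count("\n", 0, m.start()) + 1
        stripped = STRING_LITERAL_RE.sub('""', arg).strip()  # blank out literal contents
        if "+" in stripped or not stripped.startswith('"'):
            findings.append((line, m.group(1), arg.strip()))
    return findings
```

Running find_unbound_queries(SAMPLE_JAVA) reports the concatenated native query on line 3 and the StringBuilder-built HQL on line 13, and leaves the parameterised query alone.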
