RE: Infrastructure Testing for Web Applications

["Ory Segal" <osegal () watchfire com>]

Hello Paul,

When you say 'infrastructure testing', do you refer to testing only
platform-specific issues, such as problems in Microsoft IIS, Apache,
etc..? or are you referring to testing your web application for
application-layer issues (e.g. XSS, SQL Injection, etc.)?

As a starting point, you can check out the following whitepaper:
https://www.watchfire.com/securearea/whitepapers.aspx?id=20
("Methodologies and Tools for Web Application Security Assessment")

Good luck with the assessment,

Ory Segal
Watchfire

  

-----Original Message-----
From: Paul Justin [mailto:pauljustin () gmail com] 
Sent: Wednesday, September 06, 2006 7:25 PM
Cc: pen-test () securityfocus com
Subject: Infrastructure Testing for Web Applications

Good evening all,

We are looking at doing infrastructure testing for our company's web
applications, and was wondering what sort of methodologies / tools do
you all use to assist yourselves in this process?

Best regards,
Paul J.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------