WebApp Sec mailing list archives
Penetration Testing Report - Sample Report
From: "Ofer Maor" <ofer () imperva com>
Date: Tue, 23 Mar 2004 10:38:13 +0200
Dear WebAppSec List,

Imperva(tm)'s Application Defense Center (formerly WebCohort Research) has released a new paper. This paper demonstrates a real Application Penetration Testing Report, as should be provided at the end of an application penetration testing.

The penetration testing was performed on a sample e-commerce application named SuperVeda, developed by Imperva(tm) for demonstration, testing and training purposes. At the end of the penetration testing, a report was written, as if the site belongs to a real customer.

This paper can be interesting both for technical and non-technical audiences. IT/Security personnel can use it to get an idea of what they will be receiving at the end of an Application Penetration Testing. Technical people can use this paper to have a better understanding of the vulnerabilities found in modern web applications, as they present themselves in a real-world application.

Some of the vulnerabilities presented in this paper:

- SQL Injection
- Unauthorized Access to Accounts
- Cross Site Scripting
- Parameter Tampering
- Forceful Browsing
- Cookie Poisoning

The sample report was written by Moran Surf, an Application Security Expert in Imperva(tm)'s Application Defense Center.

The paper can be found at:
http://www.imperva.com/application_defense_center/white_papers/default.asp?show=pentest

---
Imperva(tm)'s Application Defense Center
<adc imperva com>
http://www.imperva.com/adc